"A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said.
"The Group Policy mechanism is Microsoft's solution to disable NTLMv1 across the network," Segal explained. "The LMCompatibilityLevel registry key prevents the Domain Controllers from evaluating NTLMv1 messages and returns a wrong password error when authenticating with NTLMv1."
"In exploiting these flaws, the idea is to coerce a victim to authenticate to an arbitrary endpoint, or relay the authentication information against a susceptible target and perform malicious actions on behalf of the victim."
Collection
[
|
...
]