Kerberos and NTLM Security Vulnerabilities
LAN Manager (LM) Protocol
NTLM Version 1 (NTLMv1)
NTLM Version 2 (NTLMv2)
Extended Session Security
Current Status and Deprecation
Type 1 Message (Negotiate)
Type 2 Message (Challenge)
Type 3 Message (Authentication)
Challenge-Response Mechanism
Session Key Establishment
DES-based Algorithm
Case Insensitivity Weakness
14-Character Limitation
Storage Format
MD4-based Algorithm
Unicode Support
Salting Absence
SMB/CIFS Authentication
HTTP NTLM Authentication
LDAP NTLM Authentication
RPC Authentication
SAM Database Storage
LSASS Memory Storage
Cached Credentials
Registry Storage Locations