Security news aggregator

Latest coverage for NTLM

NTLM is a legacy authentication protocol whose weaknesses can enable credential theft, relay attacks, and unauthorized access to network resources.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

NTLM (NT LAN Manager) is a Microsoft challenge-response authentication protocol still supported by Windows. It lets a client authenticate without sending the password in plaintext, and may be used when Kerberos is unavailable or when legacy applications, workgroups, or older systems require it. NTLMv1 is obsolete and weak; NTLMv2 improves the challenge-response exchange but retains important design limitations.

NTLM matters because attackers who obtain an NT password hash may use pass-the-hash to authenticate without knowing the password. NTLM authentication can also be relayed to another service when that service lacks protections such as message signing or channel binding, potentially granting access with the victim’s credentials. Defenders should inventory and reduce NTLM use, prefer Kerberos where supported, protect credential material, and enable signing or equivalent relay-resistant protections on relevant protocols. Authentication logs can help identify unexpected NTLM use and legacy dependencies before attempting to disable it.

Volume over time

Weekly headline count for the current query.

Showing 3 most recent headlines Filtered view