3.2 Disable NTLM v1

Information

This setting controls the use of NT Lan Manager (NTLM) v1 protocol that can be used for authentication to resources that request or require this authentication type.

Rationale:

NTLM v1 contains cryptographic weaknesses that can be easily exploited to obtain user credentials.

Impact:

This may affect websites and browsers that require the use of NTLM v1

Solution

To establish the recommended configuration, set network.auth.force-generic-ntlm-v1 to false:

Type about:config in the address bar

Type network.auth.force-generic-ntlm-v1 in the filter

Configure the setting as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('network.auth.force-generic-ntlm-v1', false)

Default Value:

False

Additional Information:

This configuration was previously set with 'network.negotiate-auth.allow-insecure-ntlm-v1'

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6)

Plugin: Unix

Control ID: faf6cf43d38675e2fed0faf7f2147d352962441b7204201fd6e659067fdd4db2