3.3 Disable NTLM v1

Information

This feature NT Lan Manager (NTLM) v1 protocol to be used for authentication to resources that request this authentication type.
NTLM v1 contains cryptographic weaknesses that can be easily exploited to obtain user credentials.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following lines to mozilla.cfg:

lockPref("network.auth.force-generic-ntlm-v1", false);

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6)

Plugin: Unix

Control ID: 1b30509dcf76ce7cf2964417e88d85c544f0d55b10773af6098a46ce4bb420a0