Detections
Analytics

Microsoft Windows LM / NTLMv1 Authentication Enabled

medium Nessus Plugin ID 63478

Language:

Synopsis

The remote Windows host is configured to use an insecure authentication protocol.

Description

The remote host is configured to attempt LM and/or NTLMv1 for outbound authentication. These protocols use weak encryption. A remote attacker who is able to read LM or NTLMv1 challenge and response packets could exploit this to get a user's LM or NTLM hash, which would allow an attacker to authenticate as that user.

Solution

Change the LmCompatibilityLevel setting to 3 or higher.

See Also

http://www.nessus.org/u?593e5d9d

https://support.microsoft.com/en-us/help/2793313/security-guidance-for-ntlmv1-and-lm-network-authentication

http://technet.microsoft.com/en-us/library/cc960646.aspx

Plugin Details

Severity: Medium

ID: 63478

File Name: smb_lm_ntlm_auth.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 1/11/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/WindowsVersion, SMB/registry_full_access

Vulnerability Publication Date: 1/8/2013