RE: [SQU] Disable authentication Realm, No Authprompts with MS-Proxy Explorer

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Mon, 16 Oct 2000 09:26:08 +0200

> MS Proxy (and IIS) come with a proprietary authentication method 'NTLM'.
> IE will automatically use the user's cached MS network password hash to
> authenticate using NTLM to local servers (including proxies).

It will also authenticate against remote servers (sic).
The NTLM authentication scheme does not send the password
over the wire, but is quite vulnerable to brute-force attacks
if the server's administrator is trying to determine his callers'
passwords. This has been reported as the source of a number
of security vulnerabilities in Windows. Check BugTraq for more
info.

> All win32
> versions of IE from 3.02 and above support this.

Only in Win9X/ME and WinNT/2k. Apparently the feature requires
some support from the system, which Windows 3.XX doesn't offer.

-- 
	/kinkie
Received on Mon Oct 16 2000 - 01:33:23 MDT
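
The thread's point that the browser will also answer NTLM challenges from remote servers can be checked from captured request headers. The following is an added example, not part of the original message: it parses `Authorization: NTLM ...` values and reports NTLM messages sent to hosts outside the site. The suffix list, host names, function names and the rule that dotless names are internal are assumptions, and the sample message is constructed.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
INTERNAL_SUFFIXES = (".corp.example",)  # assumption: this site's internal DNS suffixes

def text_field(raw, pos):
    """Decode the (len, maxlen, offset) buffer at pos; UTF-16LE if NULs, else OEM (heuristic)."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    data = raw[offset:offset + length]
    return data.decode("utf-16-le" if b"\x00" in data else "latin-1", "replace")

def parse_ntlm(header_value):
    """Parse an 'NTLM <base64>' header value; return a dict, or None if it is not NTLM."""
    scheme, _, blob = header_value.strip().partition(" ")
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return None
    if scheme.upper() != "NTLM" or len(raw) < 12 or raw[:8] != NTLMSSP:
        return None
    info = {"type": struct.unpack_from("<I", raw, 8)[0]}
    if info["type"] == 3 and len(raw) >= 52:  # AUTHENTICATE carries the response
        info["domain"] = text_field(raw, 28)
        info["user"] = text_field(raw, 36)
    return info

def is_internal(host):
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)  # dotless = intranet (assumption)

def flag_remote_ntlm(requests):
    """requests: iterable of (host, headers). Report NTLM messages sent off-site."""
    hits = []
    for host, headers in requests:
        msg = parse_ntlm(headers.get("Authorization", ""))
        if msg and not is_internal(host):
            hits.append((host, msg["type"], msg.get("user")))
    return hits

def sample_type3(domain, user):
    """Constructed AUTHENTICATE message with empty responses, for the demo only."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    empty = struct.pack("<HHI", 0, 0, 64)
    hdr = NTLMSSP + struct.pack("<I", 3) + empty * 2          # LM, NT responses
    hdr += struct.pack("<HHI", len(d), len(d), 64)             # domain
    hdr += struct.pack("<HHI", len(u), len(u), 64 + len(d))    # user
    hdr += empty * 2 + struct.pack("<I", 1)                    # workstation, key, flags
    return "NTLM " + base64.b64encode(hdr + d + u).decode()
```

A type 3 hit for an external host means a challenge response left the network for that server.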
