Security Basics mailing list archives
RE: OWA, basic authentication, and Windows NT Challenge and Response NTLM
From: "Matt Toczek" <MattT () netforcement com>
Date: Tue, 21 Mar 2006 13:34:04 -0500
Bret,

Yes, this is certainly possible. The scenario you're describing is a good example of a MITM (Man In The Middle) attack. NT Challenge/Response isn't going to be of much help in this case. Since the man in the middle (Paros or some other such program) is going to intercept the user's credentials and the CRs, the server can challenge/response as many times as it likes, and the attacker is going to grab it all.

Ideally the OWA cert would be signed by a well-known and widely-trusted CA. In this case, the user's browser would likely trust it implicitly, thus limiting the user discretion required; this will help protect them against MITM attacks. Installing a self-signed cert on the OWA box is a good way to open up the transmissions to MITM attacks.

Sincerely,

Matthew Toczek, Security+, MCP, Security Operative
www.netforcement.com
610.260.9989 Office
PGP KeyID: 0x50AD708C 7D59 0A05 D108 F526 E4AE 3FA7 EB8B 731A 50AD 708C

-----Original Message-----
From: bret.lugo () gmail com [mailto:bret.lugo () gmail com]
Sent: Wednesday, March 15, 2006 8:22 PM
To: security-basics () securityfocus com
Subject: OWA, basic authentication, and Windows NT Challenge and Response NTLM

If a user uses Outlook Web Access over https on an untrusted network such as a wifi hotspot or an airport and does not check the certificate to make sure it's valid, would it be possible for someone to use a program proxy such as Paros to see their user name and password if basic authentication is used on the OWA server? Would using Windows NT Challenge and Response NTLM not allow this to happen? Also, what would be the best defense against this sort of attack if your users do not check for valid certificates when using untrusted networks? Maybe make them IPsec VPN in before they can access OWA?

Thanks for the help
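The certificate check that the users in Bret's scenario skip, done programmatically so an administrator can verify what the OWA endpoint actually presents. This is an added example, not code from the thread or from any product named in it; the hostnames and the sample certificate dictionary are constructed for illustration.

```python
import socket
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
# for a self-signed certificate: the issuer is identical to the subject.
SELF_SIGNED_OWA_CERT = {
    "subject": ((("commonName", "owa.example.com"),),),
    "issuer": ((("commonName", "owa.example.com"),),),
    "subjectAltName": (("DNS", "owa.example.com"),),
}

def is_self_signed(cert):
    """True when the certificate's issuer equals its subject (the OWA
    misconfiguration the thread warns about)."""
    return cert.get("issuer") == cert.get("subject")

def name_matches(cert, hostname):
    """Match hostname against SAN DNS entries, falling back to the CN,
    allowing a single-label wildcard such as *.example.com."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    host = hostname.lower()
    for n in names:
        n = n.lower()
        if n.startswith("*."):
            if host.count(".") == n.count(".") and host.endswith(n[1:]):
                return True
        elif n == host:
            return True
    return False

def check_owa_endpoint(hostname, port=443, timeout=5.0):
    """Connect the way a browser does: the chain must end at a CA in the
    local trust store and the name must match, or the handshake fails.
    Returns (ok, detail)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
        return True, "trusted chain, name matches: %s" % (cert.get("subject"),)
    except ssl.SSLCertVerificationError as e:
        # Self-signed, expired or mismatched cert: exactly what a browser warns on
        return False, "verification failed: %s" % e.verify_message
    except (ssl.SSLError, OSError) as e:
        return False, "connection/TLS failure: %s" % e

if __name__ == "__main__":
    print(check_owa_endpoint("owa.example.com"))  # hostname is a placeholder
```

A result of `(False, "verification failed: self-signed certificate")` from this check is the condition under which users are being trained to click through warnings, which is the exposure the thread describes.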