Security Basics mailing list archives
Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618
From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Fri, 20 Jun 2003 10:51:07 +0200
----- Original Message ----- From: "Damon McMahon" <inst_karma () hotmail com> To: <deppdm () ornl gov>
Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1
client
shows the login: and password: transmitted in clear text to a Windows XP telnet server. Can you specify any documentation stating NTLM is used?
This doesn't answer your question directly, but Microsoft stated in security bulletin 00-67: "Windows 2000 includes a telnet client capable of using NTLM authentication when connecting to a remote NTLM enabled telnet server. A vulnerability exists because the client will, by default, perform NTLM authentication when connecting to the remote telnet server. " Thus, NTLM seems to have been the default choice originally. I guess the patch from that security bulletin might have changed the default setting? Cheers, Anders :) --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Damon McMahon (Jun 19)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Ansgar Wiechers (Jun 20)
- RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 dave (Jun 20)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Anders Reed Mohn (Jun 20)
- <Possible follow-ups>
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Hilal Hussein (Jun 24)
- RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Joe Osborn (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Brad Mills (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 James Fields (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Justin Pryzby (Jun 25)