Security Basics mailing list archives

OWA, basic authentication, and Windows NT Challenge and Response NTLM


From: bret.lugo () gmail com
Date: 16 Mar 2006 01:22:18 -0000

If a user uses Outlook Web Access over https on an untrusted network such as a wifi hotspot or an airport and does not 
check the certificate to make sure it's valid, would it be possible for someone to use a proxy program such as Paros to 
see their user name and password if basic authentication is used on the OWA server?

Would using Windows NT Challenge and Response NTLM not allow this to happen?

Also, what would be the best defense against this sort of attack if your users do not check for valid certificates when 
using untrusted networks?

Maybe make them IPsec VPN in before they can access OWA?

Thanks for the help

