NTLM

E196384

NTLM is a Microsoft authentication protocol used to validate users and secure access in Windows-based networks and services.

All labels observed (3)

Label Occurrences
NTLM canonical 7
Windows Authentication 2
NTLMv1 1


Statements (49)

Predicate Object
instanceOf authentication protocol
challenge–response authentication protocol
authenticationModel client–server
authenticationSteps negotiate, challenge, authenticate
basedOn challenge–response mechanism
canBeDisabledIn Windows security policy
canBeRelayedOver HTTP
SMB
commonlyUsedOver untrusted networks (despite weaknesses)
commonlyUsedWhen Kerberos is not available
developedBy Microsoft
discouragedBy modern security best practices
documentedIn MS-NLMP specification
doesNotNativelySupport multi-factor authentication
doesNotSupport modern password hashing algorithms like bcrypt or scrypt
hasVersion NTLMv1
NTLMv2
improvesOn NTLM (self-link, surface form differs)
surface form: NTLMv1
introducedBy Windows NT
surface form: Microsoft Windows NT 4.0 SP4
predecessorOf Kerberos-based Windows integrated authentication
recommendedReplacedBy Kerberos
replaced LAN Manager (LM) authentication
standardizedAs proprietary Microsoft protocol
stillPresentIn many legacy Windows environments
storesPasswordAs hash rather than plaintext
supports mutual authentication (in some variants)
session security (signing and sealing)
usedBy HTTP authentication (via NTLM HTTP auth)
Microsoft RPC
surface form: MSRPC

Remote Desktop Protocol
surface form: Remote Desktop Protocol (RDP)

SMB
surface form: SMB protocol

SQL Server
surface form: SQL Server (integrated authentication)
usedFor access control
network authentication
single sign-on in Windows networks
user authentication
usedIn Active Directory environments (as fallback)
Windows domain environments
Windows
surface form: Windows operating systems

Windows for Workgroups
surface form: Windows workgroup environments
uses HMAC-MD5 (in NTLMv2)
MD4-based hashing (for NT hash)
Windows credentials database
domain controller for domain authentication
vulnerableTo brute-force attacks on weak passwords
pass-the-hash attacks
relay attacks
weakerThan Kerberos


Referenced by (10)

Full triples — surface form annotated when it differs from this entity's canonical label.

SQL Server Integration Services supportsSecurityFeature NTLM
this entity surface form: Windows Authentication
Thunderbird email client supportsAuthentication NTLM
subject surface form: Thunderbird
NTLM improvesOn NTLM (self-link, surface forms differ)
subject surface form: NTLMv2
this entity surface form: NTLMv1
Enterprise Manager supportsAuthentication NTLM
this entity surface form: Windows Authentication