Account Brute Force Possible Through IIS NTLM Authentication Scheme

What is IIS NTLM Authentication Scheme

Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource.

NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a more secure variation of Digest authentication. NTLM uses Windows credentials to transform the challenge data instead of sending the unencoded user name and password. NTLM authentication requires multiple exchanges between the client and server, so the server and any intervening proxies must support persistent connections to complete the authentication successfully.

Brute Force Issue

A brute force issue can occur when an attacker tries many passwords or phrases in order to gain entry into a network or application. For this type of authentication there are no vendor-supplied patches available.

Solution/ Workaround

The current workaround is to disable NTLM authentication for your web server. This can be done by unchecking the Integrated Windows Authentication option.

An alternate solution is to ensure an account lockout policy is in place.



