Re: IE NTLM vulnerability?

12-21-2009

It could be using cached credentials and automatically logging in. You
already authenticated yourself when you logged in to Windows, so this might
be okay.

I would check your "User Authentication" settings for the zone.

Paul

"thathu" <> wrote in message
news:49841144-a0ee-44c3-8b6a-...
>I wrote a filter code on Tomcat to read the NTLM credentials from IE
> and do a Base 64 decode and get the user-id. I noticed that when I
> change IE NTLM settings to manually enter user-id and password, IE
> lets me through with any user-id and does not validate the login I
> enter against any source.
>
> Is this a security hole?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Negotiate,NTLM. IE does not try NTLM after kerberos fails	briend	Internet Explorer	4	04-24-2010 04:56 PM
I also have an error 646 in Windows update. Please help.	Jose	Windows Update	12	01-09-2010 01:00 PM
WINDOWS UPDATE ERROR CODE 646	Lauracecilia	Windows Update	13	12-10-2009 06:02 PM
Event ID 537- NTLM logon errors on SBS 2003	Simon	Windows Small Business Server	1	11-09-2009 08:03 AM
Windows Server 2003 - How to stop it from usnig NTLM	Engr	Server Security	0	11-05-2009 11:16 PM