H3-2024-0034

NTLM Authentication Endpoint Exposed to the Internet

Category SECURITY_MISCONFIGURATION
Base Score 4.0

Description

An NTLM authentication endpoint is exposed to the Internet.

Impact

NTLM (New Technology LAN Manager) is a legacy Windows single sign-on (SSO) protocol. These endpoints are attractive to attackers because the NTLM protocol does not support multi-factor authentication (MFA). Attackers can freely conduct password spray and credential stuffing attacks against these endpoints, potentially leading to initial access and bypassing MFA. These endpoints also leak information such as internal company domain names and computer names.

References