Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) Specifications
|
Eliminate a security vulnerability that could reveal protected logon credentials.
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
MD5 & SHA Checksum Utility 232 |
HQVPN 203 |
CryptoForge 203 |
Md5Checker 203 |
Remove PowerPoint Password to Modify 203 |
Password Cracker 203 |
Accent Word Password Recovery 203 |
Windows Password Key 203 |
Folder Hidden 203 |
GuardAxon 203 |