MS Internet Explorer authentication

The situation

Without your knowledge, Microsoft Internet Explorer on Windows NT transparently attempts to authenticate to any remote Web server that requests NTLM authentication.

During the authentication negotiation, IE sends your username, domain name or workgroup, and hostname in the clear to anyone who asks. This is a serious flaw in itself.

The remote server then chooses an 8-byte challenge and sends it to the client. Your IE client on NT uses a hash of your password as a DES key to encrypt this challenge, and sends the result back to the server. The server, which holds the same password hash, computes the same value itself and compares it with the one sent by the client to complete the authentication.

In fact two versions of your encrypted password are sent: the NT response, computed from a hash of the full length and character set of your password (up to 128 characters), and the LM response, computed from a hash of only the first 14 characters of your password converted to upper case. The second is much weaker, since case and anything beyond 14 characters do not affect it at all.

The repercussions

By setting the challenge to a constant, the server can pre-compute a massive database of the responses that possible passwords would produce, and instantly detect whether the client is using any one of them.

Even if the user has a strong password, the server can spend as much time as it wishes in the future attempting to guess it offline: checking a guess only requires recomputing the response, so it never has to contact a real NT server.

The test

This only works with Internet Explorer on Windows NT.

After you have tried this, please change your password immediately, whether it was guessed or not. Note that the dictionary in use is quite small.

Try it

Credits

Thanks to Craig H. Rowland for suggesting that the MS Exchange/WWW authentication protocol could be attacked using the static-challenge problem observed for file sharing.

Thanks to Evolution for hosting this demonstration.

Contact the author Paul Ashton of Eigen Solutions Ltd.