Microsoft Windows LM / NTLMv1 Authentication Enabled

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Windows host is configured to use an insecure authentication

Description :

The remote host is configured to attempt LM and/or NTLMv1 for outbound
authentication. These protocols use weak encryption. A remote attacker
who is able to read LM or NTLMv1 challenge and response packets could
exploit this to get a user's LM or NTLM hash, which would allow an
attacker to authenticate as that user.

See also :

Solution :

Change the LmCompatibilityLevel setting to 3 or higher.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Windows

Nessus Plugin ID: 63478 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now