Microsoft Windows LM / NTLMv1 Authentication Enabled

Medium Nessus Plugin ID 63478


The remote Windows host is configured to use an insecure authentication protocol.


The remote host is configured to attempt LM and/or NTLMv1 for outbound authentication. These protocols use weak encryption. A remote attacker who is able to read LM or NTLMv1 challenge and response packets could exploit this to get a user's LM or NTLM hash, which would allow an attacker to authenticate as that user.


Change the LmCompatibilityLevel setting to 3 or higher.
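
The following PowerShell audit is an added example, not part of the Nessus plugin. It assumes the setting is stored as the `LmCompatibilityLevel` DWORD under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa`; the function name `Test-LmCompatibilityLevel` is hypothetical.

```powershell
# Added example (not part of the Nessus plugin). Run elevated to remediate.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Name   = 'LmCompatibilityLevel'

# Outbound (client) behaviour per level, from Microsoft's documentation of
# "Network security: LAN Manager authentication level".
$Outbound = @{
    0 = 'Sends LM and NTLM responses'
    1 = 'Sends LM and NTLM; NTLMv2 session security if negotiated'
    2 = 'Sends NTLM response only'
    3 = 'Sends NTLMv2 response only'
    4 = 'Sends NTLMv2 response only; DC refuses LM'
    5 = 'Sends NTLMv2 response only; DC refuses LM and NTLM'
}

function Test-LmCompatibilityLevel {    # hypothetical helper name
    param(
        [ValidateRange(3, 5)][int]$Minimum = 3,
        [switch]$Remediate
    )
    $prop = Get-ItemProperty -Path $LsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: the OS default applies (NTLMv2-only on Windows Vista /
        # Server 2008 and later, weaker on older releases), so flag for review.
        $level = $null; $meaning = 'Not set; OS default applies'; $ok = $false
    } else {
        $level   = [int]$prop.$Name
        $meaning = if ($Outbound.ContainsKey($level)) { $Outbound[$level] } else { 'Unrecognised value' }
        $ok      = ($level -ge $Minimum -and $level -le 5)
    }
    if (-not $ok -and $Remediate) {
        # Creates the value if missing, overwrites it otherwise.
        New-ItemProperty -Path $LsaKey -Name $Name -PropertyType DWord -Value $Minimum -Force | Out-Null
        $level = $Minimum; $meaning = $Outbound[$Minimum]; $ok = $true
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Level        = $level
        Outbound     = $meaning
        Compliant    = $ok
    }
}

Test-LmCompatibilityLevel               # audit only
# Test-LmCompatibilityLevel -Remediate  # set to 3 when lower or missing
```

Where a Group Policy object sets "Network security: LAN Manager authentication level", change the value there, since a direct registry edit is overwritten at the next policy refresh.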

Plugin Details

Severity: Medium

ID: 63478

File Name: smb_lm_ntlm_auth.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2013/01/11

Modified: 2013/01/11

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/registry_full_access, SMB/WindowsVersion

Vulnerability Publication Date: 2013/01/08