NTLMv1 Exploit Found in Active Directory Misconfiguration
A Microsoft Active Directory Group Policy misconfiguration allows an NTLMv1 bypass. Cybersecurity researchers have discovered that a misconfiguration in on-premises applications can override the Microsoft Group Policy intended to disable NT LAN Manager (NTLM) v1 authentication. As a result, organizations can inadvertently enable NTLMv1 despite their efforts to secure their networks. While NTLMv2 offers improved security, it still has weaknesses that attackers can exploit. To mitigate the risk, experts recommend enabling audit logs for NTLM authentication and keeping systems up to date. This finding follows other recent security concerns, including a zero-day vulnerability in PDF readers that could leak sensitive information.
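One way to act on the audit-log recommendation, as an added example that is not part of the original article: the script below scans Security-log events exported as XML and reports successful logons that still negotiated NTLMv1. It assumes logon event ID 4624 and its standard `LmPackageName` field, neither of which the article names; the sample events and the function name `find_ntlmv1_logons` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(eid, user, pkg, lm, host, ip):
    """Build one constructed Security-log event in Windows event XML."""
    data = {"TargetUserName": user, "AuthenticationPackageName": pkg,
            "LmPackageName": lm, "WorkstationName": host, "IpAddress": ip}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'</System><EventData>{fields}</EventData></Event>')

# Constructed sample data, not taken from a real log. The last entry reuses
# the NTLMv1 fields under a different event ID only to exercise the ID filter.
SAMPLE = "<Events>" + "".join([
    _event(4624, "svc-legacy", "NTLM", "NTLM V1", "APP01", "10.0.0.5"),
    _event(4624, "alice", "NTLM", "NTLM V2", "WS07", "10.0.0.21"),
    _event(4624, "bob", "Kerberos", "-", "-", "10.0.0.22"),
    _event(4634, "svc-legacy", "NTLM", "NTLM V1", "APP01", "10.0.0.5"),
]) + "</Events>"

def find_ntlmv1_logons(xml_text):
    """Return one dict per successful logon (4624) that negotiated NTLMv1."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue
        # Normalise spacing and case so "NTLM V1" and "ntlm v1" both match.
        if data.get("LmPackageName", "").replace(" ", "").upper() == "NTLMV1":
            hits.append({"user": data.get("TargetUserName"),
                         "workstation": data.get("WorkstationName"),
                         "source_ip": data.get("IpAddress")})
    return hits

if __name__ == "__main__":
    for hit in find_ntlmv1_logons(SAMPLE):
        print("NTLMv1 logon:", hit)
```

Any hit on a network where Group Policy is set to refuse NTLMv1 points to a host or application that is overriding the policy and should be investigated.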
