On Feb 24, 2008, at 11:21 PM, hever@web.de wrote:
I'm not sure what NTLM version is used as default by authentication
between Outlook and dovecot and I couldn't find it out with a packet
sniffer.I think its NTLMv2 but I'm not sure so I'm asking here.
I know that NTLMv1 is not secure against a man in the middle.
I didn't write the NTLM code, but as far as I understand it, NTLMv2 is
used if both client and server negotiates it. But then again I'd think
a MITM could force v1 to be negotiated and then attack that, so it
doesn't seem all that secure that way either.. Maybe it's prevented in
some way.
I think the password hashes also affect this somehow. Maybe NTLM
passwords work for v2 and LM passwords for v1?
Maybe Andrey can shed some light into this? :)