LM Authentication is unsecure... is NTLMv2 an option?
 
SysAider
3
 
Greetings,
We are installing SysAid and wanted to use SSO, but the instructions state that LM authentication is required:

If SSO is still not enabled after following the above instructions, there is an additional change that must be made in the Domain Controller Security Settings for each of your computers. Open Local Policies\Security Options and then set the Network Security --> LAN Manager Authentication Level to LM and NTLM responses. Test this change on one computer, and if it works, make this change for all of your computers using a group policy.

Since using LM and the older version of NTLM creates a serious security vulnerability, I am hoping there is an alternative. NTLMv2 or Kerberos should be the only authentication protocols used.

If SysAid can use NTLMv2, we can use the SSO feature, but if it requires the unsecure NTLM, or especially LM authentication, we cannot permit it, as these protocols are trivial to compromise.

Thank you

Also see:
https://www.windowsecurity.com/articles/Protect-Weak-Authentication-Protocols-Passwords.html
https://support.microsoft.com/kb/147706
https://www.windowsecurity.com/articles/What-You-Dont-Know-Can-Hurt-You-LAN-Manager-Might-Be-Supported.html
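
A way to check what the quoted setting means on a given machine, as an added example that is not part of the original post or of SysAid's documentation: it classifies the `LmCompatibilityLevel` registry value behind the LAN Manager Authentication Level policy. The function names and sample hosts are hypothetical, and treating a missing value as level 3 is an assumption that holds for Windows Vista / Server 2008 and later.

```powershell
# Added example: interpret the "LAN Manager authentication level" policy value (0-5).
function Get-LmAuthPosture {
    param([Nullable[int]]$Level)

    $names = @(
        'Send LM & NTLM responses',
        'Send LM & NTLM - use NTLMv2 session security if negotiated',
        'Send NTLM response only',
        'Send NTLMv2 response only',
        'Send NTLMv2 response only. Refuse LM',
        'Send NTLMv2 response only. Refuse LM & NTLM'
    )
    # Assumption: an unset value behaves as level 3 (Vista / Server 2008 and later).
    $effective = if ($null -eq $Level) { 3 } else { [int]$Level }
    if ($effective -lt 0 -or $effective -gt 5) {
        throw "LmCompatibilityLevel out of range: $effective"
    }

    [pscustomobject]@{
        Level             = $effective
        Configured        = ($null -ne $Level)
        Policy            = $names[$effective]
        ClientSendsLM     = $effective -le 1   # levels 0-1 still send LM responses
        ClientSendsNTLMv1 = $effective -le 2   # levels 0-2 still send NTLM (v1) responses
        DcAcceptsLM       = $effective -le 3   # a DC refuses LM from level 4
        DcAcceptsNTLMv1   = $effective -le 4   # a DC refuses NTLM (v1) only at level 5
        MeetsNTLMv2Only   = $effective -ge 3   # client side sends NTLMv2 only
    }
}

# Read the value from the local registry; returns $null when it is not set.
function Get-LocalLmCompatibilityLevel {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $prop = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($prop) { $prop.LmCompatibilityLevel } else { $null }
}

# Constructed sample values: 0 is the "LM and NTLM responses" setting the quoted
# instructions ask for, $null is a machine with no value set, 5 is the strictest level.
$samples = @(
    [pscustomobject]@{ Name = 'sso-test-pc (constructed)'; Level = 0 },
    [pscustomobject]@{ Name = 'unset-pc (constructed)';    Level = $null },
    [pscustomobject]@{ Name = 'hardened-dc (constructed)'; Level = 5 }
)
foreach ($s in $samples) {
    Get-LmAuthPosture -Level $s.Level |
        Select-Object @{ n = 'Host'; e = { $s.Name } }, Level, Policy, ClientSendsLM, ClientSendsNTLMv1, MeetsNTLMv2Only
}

# On a Windows host, report the local machine as well.
if ($env:OS -eq 'Windows_NT') { Get-LmAuthPosture -Level (Get-LocalLmCompatibilityLevel) }
```

Running it on the one test computer before and after the change shows whether that machine has started sending LM or NTLMv1 responses.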
SysAider
15
 
Hello,
In my opinion, the only way you can avoid using NTLMv1 authentication in SSO is using an IIS as a frontend proxy.

Regards
SysAid Customer Relations
17
 
Hi CalebR,

This issue requires investigation.
If you still don't have a solution for this, please contact helpdesk@sysaid.com.

Thanks,

Shai
SysAider
26
 
Was there ever a fix for this? Does version 9 resolve this issue or does it still exist?
SysAid R&D
192
 
Kerberos SSO was added in 9.0.