ntlm auth
NTLM Authentication Vulnerability N/A
Web Client NTLM Authentication Vulnerability bug repair. more>> Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.<<less
Microsoft Windows 2000 Patch: Web Client NTLM Auth
This update resolves the Web Client NTLM Authentication security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001 more>> This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.
Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user. This is because the security settings for WEC components are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications.
The vulnerability exists because WEC, which allows Internet Explorer to view and publish files via Web Folders, does not adhere to the recommended security settings in Internet Explorer, and performs NTLM authentication for any server that requests it. A malicious Web site operator could format a document to request NTLM authentication from a visiting user automatically, causing the users authentication credentials to be sent by default. Once the credentials are revealed, the operator may be able to use specialized tools to derive the users password.
Note This vulnerability affects only computers running versions of Internet Explorer later than 5.0 with Web Folders enabled. For more information about this vulnerability, read Microsoft Security Bulletin MS01-001.
<<lessMicrosoft Windows 2000 Patch: Web Client NTLM Authentication Update
Microsoft Windows 2000 Patch: Web Client NTLM Authentication Update is designed to deal with the Web Client NTLM Authentication security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001 more>>
Microsoft Windows 2000 Patch: Web Client NTLM Authentication Update is designed to deal with the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.
Under specific conditions, this vulnerability allows a malicious Web site operator to obtain the cryptographically protected logon credentials of a visiting user. This is because the security settings for WEC components are set to incorrect levels, which allows your computer to send information about your authentication credentials to remote Web applications.
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001 is regarded as an innovative and versatile patch which eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. more>>
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001 is regarded as an innovative and versatile patch which eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me.
The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely logon to the target system.
However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to logon to the target system.
Frequently asked questions regarding this vulnerability can be found here.
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) MS01-001
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) has come as a handy tool to deal with a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. more>>
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) MS01-001 has come as a handy tool to deal with a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows Internet Explorer to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed.
Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely logon to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to logon to the target system.
Microsoft Windows ME Security Patch: Web Client NTLM Authentication Vulnerability MS01-001
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding fil more>>
Auth 1.01.0
Command line tool to test authentication of a user id. more>>
.NET Mailer AsterMail 2.65
This is the software for sending and receiving E-mail. more>> This is the software for sending and receiving E-mail. Along with basic functions as mail soft, can use SMTP over SSL and POP over SSL to improve security. Supports SMTP Authentication ( SMTP-AUTH ) by CRAM-MD5, LOGIN,PLAINand supports APOP Authentication. Can change a character set and an encoding method. Supports RFC2231 format as an encoding method of the file name. You can buy the Source Code ( C#2005, VB2005, C#.NET, VB.NET ) of this software. Please use the Source Code of this software to develop a mailer or software having the mail send and receive function. It is also the optimum material as sample software for studying how to develop software.<<less
Stealth Mailer 3.0
Stealth Mailer is a useful and advanced anonymous emailer with features never seen before more>>
Some of its unique features include sending of Html email with inline picture embedding, ESMTP auth support, SSL support, attaching files from local disk or from URL and read receipt requesting. Moreover, it uses an enhanced technique to bypass spam filters. It also has inbuilt tools such as email address validity checker and SMTP server tracer.
Winrtgen 2.3
Winrtgen is a graphical Rainbow Tables Generator more>>
Winrtgen supports LM, FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL, MSCACHE, SHA1, RIPEMD160, MySQL323, MySQLSHA1, MD2, MD4, MD5, CiscoPIX, ORACLE, SHA-2 (256), SHA-2 (384) and SHA-2 (512) hashes
CryptoTerm 1.11
CryptoTerm is an innovative and versatile package consisting of following programs: Terminal Emulator, FTP (SFTP) Client and Batch FTP (SFTP) Client. more>>
CryptoTerm 1.11 is an innovative and versatile package consisting of following programs: Terminal Emulator, FTP (SFTP) Client and Batch FTP (SFTP) Client.
CryptoTerm package allows you to obtain a uniform, unified and intuitive access to diversified system environments - starting from Windows, through Unix environments, up to the IBM Mainframe systems. CryptoTerm provides connections through: Telnet, Serial RS-232, Modem and safe, encrypted SSH (1, 2), SSL 3.0 and TLS 1.0 protocols.
It guarantees unambiguous end-user authentication with the help of: certificates, public/private keys, PKCS#11 devices, NTLM and Kerberos protocols. CryptoTerm provides accurate terminal emulations: XTERM, ANSI, SCOANSI, VT100, VT220, VT220-8, VT320, VT320-8, WYSE60 (WYSE60 COLOR), LINUX, HP and TN3270 (3278-2, 3278-3, 3278-4, 3278-5, printer 3287-1 and IND$FILE transfer protocol).
with the help of: certificates, public/private keys, PKCS#11 devices, NTLM and Kerberos, public/private keys, PKCS#11 devices, NTLM and Kerberos protocols. CryptoTerm providesSMTP Client Deux 1.2.0
SMTP Client Deux is a 4th Dimension component that gives you a complete implementation of the SMTP protocol. more>>
SMTP Client Deux works on top of the commercial TCP Deux 4D component, also available from Deep Sky Technologies, Inc.
With the SMTP Client Deux component, a 4th Dimension developer has complete implementation of the SMTP protocol from within 4D. The protocol relies on the TCP Deux component for all TCP communication needs, thereby removing any reliance on current or future TCP plugins which are available for use in 4D. The implementation of SMTP within the SMTP Client Deux component also eliminates long bugs and anomalies that have existed in plugin implementations of the SMTP protocol.
Main features:
- Simple and direct email sending (e.g. QuickSend);
- Single method access for sending HTML email;
- Full support for one or more attachments;
- Built in attachment encoding for error free operation;
- Full support for SMTP AUTH;
- Full support for NTLM, the proprietary SMTP AUTH scheme commonly commonly used by Microsoft products;
- Full support for specifying content-type for attachments;
- Full support for specifying content-type of email body (e.g. for HTML email);
- Complete email header field control;
- Utility routines for formatting and encoding attachments;
- Utility routines for formatting recipients;
- More than two dozen different email header lines supported;
- Custom constants to speed the creation of complex emails;
- Fully cross-platform and native implementation for SMTP protocol;
- Compatibility with 4D v6.7.x, 4D v6.8.x, and 4D v7.0.x (4D 2003);
- Support for 4D v6.8.x and 4D v7.0.x (4D 2003) under Carbon, providing compatibility with MacOS 8/9, MacOS X, and Windows 98/2000/NT/XP;
- Support for encoding for Chinese and Japanese targeted emails.
Note: This a peepware version. (http://www.deepskytech.com/prod_components/smtp_client_deux/pricing.html)
GNU Wget 1.11.4s
This is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Int more>> This is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Int
GNU Wget is a free software solution that will allow you to retrieve files using HTTPS, HTTP, and FTP, the most widely-used Internet protocols.
GNU Wget is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.
GNU Wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including":
- Can resume aborted downloads, using REST and RANGE
- Can use filename wild cards and recursively mirror directories
- NLS-based message files for many different languages
- Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
- Runs on most UNIX-like operating systems as well as Microsoft Windows
- Supports HTTP and SOCKS proxies
- Supports HTTP cookies
- Supports persistent HTTP connections
- Unattended / background operation
- Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
Enhancements:
- This release contains fixes for a major security problem: a remotely exploitable buffer overflow vulnerability in the NTLM authentication code. All Wget users are strongly encouraged to upgrade their Wget installation to the last release.
BW-pie-AuthRefresher 0.03
This add-in removes 10 minutes timeout from Broken Worlds online game. more>> This add-in removes 10 minutes timeout from Broken Worlds online game.
It requests for "Notepad" every 8 minutes, to refresh auth session in server, so your session wouldnt expire after 10 minutes of inactivity and your mana wouldnt be lost ;)<<less
nPOP 1.07
nPOP allows you to access e-mail on a POP3 mail server on your Pocket PC or PC. more>>
The mail displayed by nPOP is only the mail on the present on the server. Therefore, if mail is deleted from your server it will disappear from a list, even if the mail is displayed in the list.
When you connect using nPOP, the mail is listed and you can see the header only. From that list you can select e-mail you want to receive on your Pocket PC or PC. This is more efficient than downloading all the e-mail on your Pocket PC or PC.
Main features:
- Portable e-mail clients (USB Memory, Floppy Disk)
- Management of the mail on a server
- Receive e-mail (POP3 and APOP)
- Send e-mail (SMTP and SMTP-AUTH and POP before SMTP)
- Multi-account support (round reception is possible)
- Automatic check for new mail
- A thread display of the mail list
- Filters for Routing Received e-mail (Anti spam)
- Simple address book
- Dial-up management
- SSL/STARTTLS (npopssl.dll and OpenSSL Library)
