RE: is the latest ISA2000 security update a dud?

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 27 Jun 2005 09:47:44 -0400

That's the LMHash limit, a leftover from the old Windows v3.x days.
That is the reason why you have to get to 15 or more characters to bypass
that vulnerability, which forces it to use the newer hash.

 

________________________________

From: Zvonimir Bilic [mailto:zbilic@xxxxxxxxxxxx] 
Sent: Monday, June 27, 2005 08:46
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: is the latest ISA2000 security update a dud?

 

http://www.ISAserver.org

Hi Tom,

I think that by default Windows has a password limit of 14 characters.
How did you configure Windows to allow passwords of more than 14
characters? Is there any documentation on this?

Thanks,

Zvonimir

----- Original Message ----- 

From: "Thomas W Shinder" 

To: "[ISAserver.org Discussion List]" 

Sent: 6/27/2005 8:34AM 

Subject: [isalist] RE: is the latest ISA2000 security update a dud? 

 


Hi Dan,

From what I understand (which could be wrong), they could capture the
password hash over the wire, and run it against a Rainbow crack. That's
why I've upgraded our password policy to 24+ characters, since we use
secure Exchange RPC to connect from places like airports and such.

 
