Web Resource Requires NTLM Authentication
Netsparker detected that NTLM authentication is required for a resource.
Generally, using NTLM authentication is not a good solution.
There are some potential issues:
- It may cause some information leakage.
- It may be possible to brute-force and/or lock out accounts. In rare cases this can cause a denial of service (DoS).
- If this is an admin screen, it should not be publicly accessible.
- If this is an unrequired login screen, it should be removed.
- See Impact.
- Disable NTLM authentication or apply firewall rules.