← Back to context

Comment by gruez

1 month ago

I don't think there's any evidence that windows sends cleartext passwords. The whole reason why NTLM is a thing is to avoid sending cleartext passwords.

3 comments

gruez

Reply

lazide 1 month ago

Outlook appears to be

p_ing 1 month ago
The 'https://' disagrees with your 'sending clear text passwords' statement.
- lazide 1 month ago
  
  It’s clear text to the receiving server, which is what we’re talking about, not one way hashed.