COMMAND

    NTLMv2

SYSTEMS AFFECTED

    Win32

PROBLEM

    Frank Monroe posted the following. He has been attempting to
    implement NTLMv2 for several years now. Unfortunately, due to the
    many bugs that existed in NT 4.0 (and some additional ones that
    were created under Windows 2000), it took him many months before
    he was able to switch his DCs to level 5.

    When he finally made the switch to 5, he found that RAS clients
    could no longer authenticate to the domain. He opened yet another
    case with Microsoft support, and after about nine months they
    responded and admitted to the bug but said they would not be
    fixing it, even in the Whistler time frame.

SOLUTION

    One of the reasons Microsoft gave is that NTLMv2 is no more
    secure than NTLMv1 because all authentication methods are
    crackable. When Frank asked why the RAS server in his entirely
    Windows 2000 domain did not use Kerberos, they gave him the same
    response.