alt Hacker News>Basically everything microsoft makes that touches http will send your username and your password to any server that asks for Basic Authentication.
Are you talking about NTLM hashes? It's a weak hash, but not the same as "sending your password". The biggest difference is that even a weak hash can't be reversed if the password has high enough entropy.
Replies
lazide • yesterday at 3:35 PM
Not necessarily, the server can say it only supports basic auth and….
➕ show 1 reply
yes, I meant to type hash. Not that it matters as even 10yr old integrated GPUs are enough to brute force 8 or 9 character NTLM(or any variant) passwords in a few hours. Not that you need to with Pass The Hash.