Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't think there's any evidence that windows sends cleartext passwords. The whole reason why NTLM is a thing is to avoid sending cleartext passwords.


Outlook appears to be


The 'https://' disagrees with your 'sending clear text passwords' statement.


It’s clear text to the receiving server, which is what we’re talking about, not one way hashed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: