| ▲ | lazide 6 hours ago |
| Not necessarily, the server can say it only supports basic auth and…. |
|
| ▲ | gruez 4 hours ago | parent [-] |
| I don't think there's any evidence that windows sends cleartext passwords. The whole reason why NTLM is a thing is to avoid sending cleartext passwords. |
| |
| ▲ | lazide 4 hours ago | parent [-] | | Outlook appears to be | | |
| ▲ | p_ing 4 hours ago | parent [-] | | The 'https://' disagrees with your 'sending clear text passwords' statement. | | |
| ▲ | lazide 19 minutes ago | parent [-] | | It’s clear text to the receiving server, which is what we’re talking about, not one way hashed. |
|
|
|
