Affecting NTLMv1 auth has been disabled, NTLM support on non-Windows platforms is now deprecated

Published: | Categories: Privacy & Security

Description

The support for the NT LAN Manager version 1 (NTLMv1) network authentication has been disabled because it’s known as insecure. Companies and organizations still deploying the older protocol should upgrade to NTLMv2. See Honza Bambas’ blog post and Jason Duell’s post to the dev-planning list for details.

This is affecting SharePoint-based or IIS-backed intranet applications. If you encounter any problems on Firefox 30 or later, you can manually enable NTLMv1 using a preference. Note that NTLMv2 is not supported on non-Windows platforms, so OS X and Linux users have to toggle the preference to continue using NTLMv1 as below, though the NTLM auth support on non-Windows platforms is considered deprecated.

How to enable NTLMv1: type about:config in the Address Bar, click the “I’ll be careful” button, find network.negotiate-auth.allow-insecure-ntlm-v1, double-click on it to change the value to true.

Another workaroud here is using Firefox 24 ESR that still enables the NTLMv1 auth.

References