VULHUB ™

The algorithm used to encrypt LANMAN passwords is inherently weak. This is due to the fact that all passwords are 14 characters in length and are in upper case letters. Longer passwords are truncated and shorter passwords are padded with spaces to reach the 14 character limit. Furthermore, passwords are broken into two 7-character blocks prior to encryption. This is of considerable concern to users of systems that provide legacy support as the LANMAN passwords may be easily guessed or brute-forced in a relatively short period of time.

The algorithm used to encrypt LANMAN passwords is inherently weak. This is due to the fact that all passwords are 14 characters in length and are in upper case letters. Longer passwords are truncated and shorter passwords are padded with spaces to reach the 14 character limit. Furthermore, passwords are broken into two 7-character blocks prior to encryption. This is of considerable concern to users of systems that provide legacy support as the LANMAN passwords may be easily guessed or brute-forced in a relatively short period of time.