Credential Theft via Legacy Windows Protocols in Local Networks
Summary
Legacy Windows communication protocols, specifically Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS), continue to expose organizations to credential theft. Attackers can capture login data by being on the same local network as their targets, leveraging tools like Responder to intercept authentication data. This method does not exploit software vulnerabilities but relies on default Windows behavior. The captured data can be cracked offline or reused in relay attacks, providing access to corporate databases, file servers, and administrative systems. Once attackers obtain valid credentials, they can move laterally across the network, escalate privileges, and disrupt critical business services. Organizations are advised to disable LLMNR and NBT-NS, enforce secure authentication methods, and monitor for unusual traffic on these protocols.
Timeline
- 14.10.2025 18:45 · 1 article
Legacy Windows Protocols Expose Networks to Credential Theft
A new cybersecurity study found that legacy Windows communication protocols, specifically LLMNR and NBT-NS, continue to expose organizations to credential theft. Attackers can capture login data by being on the same local network as their targets, leveraging tools like Responder to intercept authentication data. The captured data can be cracked offline or reused in relay attacks, providing access to corporate databases, file servers, and administrative systems. Organizations are advised to disable these legacy protocols, enforce secure authentication methods, and monitor for unusual traffic on these protocols.
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
Information Snippets
- LLMNR and NBT-NS protocols trust any device that responds to their requests, allowing attackers to impersonate legitimate systems.
First reported: 14.10.2025 18:45 · 1 source, 1 article
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
- Attackers can use tools like Responder to intercept authentication data, capturing usernames, domain details, and encrypted password hashes.
First reported: 14.10.2025 18:45 · 1 source, 1 article
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
- Captured data can be cracked offline or reused in relay attacks, providing access to corporate databases, file servers, and administrative systems.
First reported: 14.10.2025 18:45 · 1 source, 1 article
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
- Once attackers obtain valid credentials, they can move laterally across the network, escalate privileges, and disrupt critical business services.
First reported: 14.10.2025 18:45 · 1 source, 1 article
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
- Organizations are advised to disable LLMNR and NBT-NS, enforce secure authentication methods, and monitor for unusual traffic on these protocols.
First reported: 14.10.2025 18:45 · 1 source, 1 article
- Legacy Windows Protocols Still Expose Networks to Credential Theft — www.infosecurity-magazine.com — 14.10.2025 18:45
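
The advice to monitor for unusual traffic on these protocols can be made concrete with a small detection sketch. This is an added example, not code from the cited article or study; the record format, the host inventory, the canary name and the threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample (not real capture data): name-resolution responses seen
# on the LAN as (protocol, responder_ip, answered_name). LLMNR uses UDP 5355
# and NBT-NS uses UDP 137; a sensor or packet-capture parser is assumed to
# have produced these tuples.
SAMPLE_RESPONSES = [
    ("LLMNR", "10.0.0.21", "fileserver"),
    ("NBT-NS", "10.0.0.21", "FILESERVER"),
    ("LLMNR", "10.0.0.66", "fileserver"),
    ("LLMNR", "10.0.0.66", "wpad"),
    ("NBT-NS", "10.0.0.66", "PRINTSRV01"),
    ("LLMNR", "10.0.0.66", "canary-7f3a"),
    ("LLMNR", "10.0.0.30", "printsrv01"),
]

# Assumed inventory: the IP that legitimately owns each host name.
KNOWN_HOSTS = {"fileserver": "10.0.0.21", "printsrv01": "10.0.0.30"}
# Assumed canary: a name no host owns, queried on purpose by the defender.
CANARY_NAMES = {"canary-7f3a"}


def find_suspect_responders(responses, known_hosts, canaries, max_names=2):
    """Return {responder_ip: [reasons]} for hosts whose answers look spoofed.

    Both protocols accept the first answer from any device, so a host that
    answers for names it does not own is the signal worth alerting on.
    """
    names_by_ip = defaultdict(set)
    reasons = defaultdict(set)
    for _proto, ip, name in responses:
        name = name.lower()  # NBT-NS names arrive upper-cased
        names_by_ip[ip].add(name)
        if name in canaries:
            reasons[ip].add("answered canary name")
        elif name in known_hosts and known_hosts[name] != ip:
            reasons[ip].add("answered for another host's name")
        elif name not in known_hosts:
            reasons[ip].add("answered unknown name")
    # A normal workstation answers only for its own name.
    for ip, names in names_by_ip.items():
        if len(names) > max_names:
            reasons[ip].add("answered for many distinct names")
    return {ip: sorted(r) for ip, r in reasons.items()}


if __name__ == "__main__":
    hits = find_suspect_responders(SAMPLE_RESPONSES, KNOWN_HOSTS, CANARY_NAMES)
    for ip, why in hits.items():
        print(ip, "->", "; ".join(why))
```

Once LLMNR and NBT-NS are disabled fleet-wide, any response on either port is itself worth an alert, and the inventory comparison becomes unnecessary.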