Your data. Your choice.

If you select «Essential cookies only», we’ll use cookies and similar technologies to collect information about your device and how you use our website. We need this information to allow you to log in securely and use basic functions such as the shopping cart.

By accepting all cookies, you’re allowing us to use this data to show you personalised offers, improve our website, and display targeted adverts on our website and on other websites or apps. Some data may also be shared with third parties and advertising partners as part of this process.

Legal noticePrivacy notice
Shutterstock
News + Trends
90

New tools for old problems: Weak Windows passwords in our sights

Florian Bodoky
19.1.2026
Translation: machine translated

Cybersecurity company Mandiant publishes freely accessible rainbow tables that can be used to quickly decrypt outdated NTLMv1 admin passwords.

The developers at Mandiant have published a large collection of so-called Rainbow Tables. This database consists of pre-calculated cryptographic values and makes it possible to decrypt outdated administration passwords of the Windows protocol Net-NTLMv1. The Rainbow Table is freely accessible on Google Drive.

What is the problem with NTLMv1?

NTLMv1 is a Microsoft authentication protocol from the 1980s. As early as the 1990s, however, analyses showed that the protocol had weaknesses. In 2012, the DEFCON security conference was held, at which the standard was finally declared insecure and therefore unusable. Microsoft itself replaced NTLMv1 with NTLMv2 several years ago and officially announced in 2022 that the old version would be discontinued. Nevertheless, NTLMv1 is still used in some networks for various reasons. By publishing the tables, Mandiant wants to show how easily old-style administrator passwords can be cracked. Security experts see this as a tool for tests and audits for IT managers.

It doesn't require expensive equipment or a lot of time

Mandiant claims that with the new Rainbow Tables, an administrative NTLMv1 password can be reconstructed in less than twelve hours. This «does not require expensive specialised hardware, but can work with hardware in the price range of less than 600 US dollars».

The rainbow tables can be used specifically against Net-NTLMv1 hashes. These can be used for authentication in the Windows network. As soon as an attacker has a valid hash, for example by intercepting data traffic or using other authentication enforcement tools, they can use the table to find the corresponding password.

How should those responsible react now?

Mandiant recommends that network operators immediately deactivate support for Net-NTLMv1 in their systems and switch to newer authentication mechanisms. This is the only way to permanently secure networks against such attacks.

Header image: Shutterstock

9 people like this article

User Avatar
User Avatar
Florian Bodoky
Editor
Florian.Bodoky@digitecgalaxus.ch

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue. 

News + Trends

From the latest iPhone to the return of 80s fashion. The editorial team will help you make sense of it all.

Show all

These articles might also interest you

  • News + Trends

    ByteDance signs TikTok deal with USA

    by Florian Bodoky

  • News + Trends

    Siri gets a brain from Google

    by Samuel Buchmann

  • News + Trends

    Ixi develops glasses with autofocus

    by David Lee

Comments

Avatar