This authentication protocol is subject to the following vulnerabilities:
These attacks, if successful, compromise the client's password, and allow the attacker access to the client's files even after the client's session has ended. Because of these attacks, it should be used only when needed for backwards compatibility, or where the chances of eavesdropping are deemed acceptable, such as relatively isolated networks. It is more secure than plaintext password authentication, because passwords are never seen in the clear on the network. Whenever possible, the use of the NT LM 0.12 authentication is to be preferred.