User can login in portal entering wrong password.
I enable NTLM autentication,
and LDAP importing users from my AD.
Open browser (firefox, safari) outside domain
click on sign in and the browser asks for username and password
via browser standard form
now insert a correct username and a wrong password
portal recognize me without checking password
I think this is a big security problem.
How can I force password checking keeping NTLM authentication active?
Am I missing something?
Final note: AD keeps password encripted
and disabling NTLM i cannot login in portal, so i need NTLM.
found was already in forum but cannot find solutions