From 7802a39e8553ba9982c7eac7fee97c3d98c254f7 Mon Sep 17 00:00:00 2001
From: Danny McCormick
Date: Thu, 27 Feb 2020 09:56:06 -0500
Subject: [PATCH] Deprecate ntlm (#196)

* Deprecate ntlm
* Update ntlm.ts
---
 lib/handlers/ntlm.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/handlers/ntlm.ts b/lib/handlers/ntlm.ts
index 235cdf36..ff786c91 100644
--- a/lib/handlers/ntlm.ts
+++ b/lib/handlers/ntlm.ts
@@ -1,6 +1,14 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
+// This handler has been deprecated.
+// Our recommendation is to use one of the other supported handlers due to security concerns around NTLM protocol.
+// See these articles for more info:
+// * https://securiteam.com/securityreviews/5op0b2kgac/
+// * https://www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/
+// * https://docs.microsoft.com/en-us/archive/blogs/miriamxyra/stop-using-lan-manager-and-ntlmv1 - this one is us (MS) telling people to stop using NTLMV1, and pointing to some issues surrounding V2 that have since been discovered to be worse than thought
+// * https://www.helpnetsecurity.com/2019/10/10/ntlm-vulnerabilities/
+
 import ifm = require('../Interfaces');
 import http = require("http");
 import https = require("https");
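Review bot: The deprecation exists only as a file-header comment at the top of `lib/handlers/ntlm.ts`, so it reaches people who open this source file but not callers who use the handler through the published package or their editor. A JSDoc tag on the exported handler class (declared outside this hunk) would surface the notice in tooling, for example `/** @deprecated NTLM has known security weaknesses; use one of the other supported handlers. */`. The comment would also be more actionable if it named the recommended replacement handlers, since "one of the other supported handlers" leaves the reader to look them up. The notice relies on four external article links that may move over time, so a one-line summary of the concern next to each would keep the rationale readable if a link stops resolving.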