MS-CHAP (NTLM) vulnerability allows offline passwords attacks.
vulners.com/securityvulns/securityvulns:doc:6049
vulners.com/securityvulns/securityvulns:doc:6050