One Day Sec

What authentication method does OWA use, and why is it important for penetration testing?

OWA only supports plaintext password login; NTLM hash authentication is not accepted for the web interface. This means an attacker who captures a user's password (e.g., through phishing or keylogging) can log in to OWA directly, whereas hash-based attacks like pass-the-hash must use other protocols, such as those covered in Domain Penetration - Remote Execution via Scheduled Tasks in GPO. The login process sends a POST to `/owa/auth.owa`, and the response sets the critical `X-OWA-CANARY` token in a cookie. From a defender's view, this is why credential theft against OWA users matters: there is no hash-only path to the web interface, so monitoring `/owa/auth.owa` POST activity and enforcing MFA on OWA directly reduces that exposure.