What registry key controls the user authentication method for HTTP NTLM in Internet Explorer, and how can it be exploited?
The registry key is `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, and the setting is its value `1A00`. Setting it to `0` enables automatic logon with the current username and password, while `10000`, `20000`, and `30000` correspond to prompt, automatic logon in the Intranet zone only (default), and anonymous logon, respectively. An attacker with access to the client can modify this value to force the client to send its Net-NTLM hash when visiting any HTTP site requiring authentication.
registry key, IE user authentication, automatic logon, privilege escalation