Sniffing the first 20 or 30 characters of each IP packet which passes across a node would probably get you enough passwords.
Only if sent in plain text - which is not the case using HTTPS, where the data is encrypted. This is why you should NEVER use a strong password that you use for any secure purpose over an insecure link.
If you are speaking of LANs, it really is no longer the case that logon passwords are sent in clear text to be intercepted by packet analyzers.
MS have implemented Kerberos since 2000 (although care must be taken in mixed NT and 2000 environments, as NTLM authentication is considerably weaker), where all authentication traffic is encrypted. There are good docs on Kerberos on the MS website.
SD