Detections
Analytics

Microsoft Windows SMB Registry : Winreg Registry Key Detection

medium Nessus Plugin ID 10431

Synopsis

Everyone can access the remote registry.

Description

The registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg is missing.

This key allows you to define what can be viewed in the registry by non administrators.

Solution

Install Service Pack 3 (SP3) if not done already, and create the SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths registry key. Under this key, create the value 'Machine' as a REG_MULTI_SZ and put in it what you allow to be browsed remotely.

See Also

http://technet.microsoft.com/library/cc749939.aspx

Plugin Details

Severity: Medium

ID: 10431

File Name: smb_reg_missing_winreg.nasl

Version: Revision: 1.31

Type: local

Agent: windows

Family: Windows

Published: 5/29/2000

Updated: 12/9/2016

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_full_access, SMB/transport

Excluded KB Items: SMB/Win2K/ServicePack