Microsoft Windows SMB NULL Session Authentication

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

It is possible to log into the remote Windows host with a NULL
session.

Description :

The remote host is running Microsoft Windows. It is possible to log into it
using a NULL session (i.e., with no login or password).

Depending on the configuration, it may be possible for an unauthenticated,
remote attacker to leverage this issue to get information about the remote
host.

See also :

http://support.microsoft.com/kb/q143474/
http://support.microsoft.com/kb/q246261/
http://technet.microsoft.com/en-us/library/cc785969(WS.10).aspx

Solution :

Apply the following registry changes per the referenced Technet
advisories :

Set :
- HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Remove BROWSER from :
- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\NullSessionPipes

Reboot once the registry changes are complete.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.2
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 26920 ()

Bugtraq ID: 494

CVE ID: CVE-1999-0519
CVE-1999-0520
CVE-2002-1117

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now