Microsoft Windows SMB Registry : Winreg Registry Key Detection

Medium Nessus Plugin ID 10431


Everyone can access the remote registry.


The registry key HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg is missing.

This key allows you to define what can be viewed in the registry by non administrators.


Install Service Pack 3 (SP3) if not done already, and create the SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths registry key. Under this key, create the value 'Machine' as a REG_MULTI_SZ and put in it what you allow to be browsed remotely.

See Also

Plugin Details

Severity: Medium

ID: 10431

File Name: smb_reg_missing_winreg.nasl

Version: $Revision: 1.31 $

Type: local

Agent: windows

Family: Windows

Published: 2000/05/29

Modified: 2016/12/09

Dependencies: 10150, 10394, 10428, 10401

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/registry_full_access

Excluded KB Items: SMB/Win2K/ServicePack