Microsoft Windows Guest Account Belongs to a Group

high Nessus Plugin ID 10907

Synopsis

The 'Guest' account has excessive privileges.

Description

Using the supplied credentials, Nessus was able to determine that the 'Guest' user belongs to groups other than 'Guests' (RID 546) or 'Domain Guests' (RID 514). Guest users should not have any additional privileges.

Solution

Edit the local or domain policy to restrict group membership for the guest account.
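
To confirm the finding on a host before and after changing policy, the local group membership of the Guest account can be listed directly. The script below is an added example, not part of the Nessus plugin; it assumes Windows PowerShell 5.1 or later with the `Microsoft.PowerShell.LocalAccounts` module on a workstation or member server, and it checks local groups only. The function names are hypothetical.

```powershell
# Added example: audit local group membership of the built-in Guest account.
# Checks local groups only; domain group membership needs directory tooling.

# RIDs of the groups Guest is expected to belong to, as given in the
# plugin description (546 = Guests, 514 = Domain Guests).
$AllowedRids = @('546', '514')

function Get-GuestAccount {
    # The built-in Guest account keeps RID 501 even when it has been renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-501$' }
}

function Get-GuestGroupMembership {
    param([Parameter(Mandatory)] $Guest)
    foreach ($group in Get-LocalGroup) {
        try {
            $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
        } catch {
            # Enumeration can fail, for example on groups with orphaned SIDs.
            Write-Warning "Could not enumerate '$($group.Name)': $($_.Exception.Message)"
            continue
        }
        if ($members.SID.Value -contains $Guest.SID.Value) {
            $rid = $group.SID.Value.Split('-')[-1]
            [pscustomobject]@{
                Group    = $group.Name
                GroupSid = $group.SID.Value
                Expected = $AllowedRids -contains $rid
            }
        }
    }
}

$guest = Get-GuestAccount
if (-not $guest) { Write-Output 'No local account with RID 501 found.'; return }

$memberships = @(Get-GuestGroupMembership -Guest $guest)
$unexpected  = @($memberships | Where-Object { -not $_.Expected })

"Guest account: $($guest.Name) (Enabled: $($guest.Enabled))"
$memberships | Format-Table -AutoSize
if ($unexpected.Count -gt 0) {
    Write-Warning "Guest is a member of $($unexpected.Count) unexpected group(s)."
    # After review, membership can be removed per group, for example:
    # Remove-LocalGroupMember -Name $_.Group -Member $guest.Name
}
```

Any row with `Expected` set to `False` corresponds to the condition this plugin reports.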

Plugin Details

Severity: High

ID: 10907

File Name: smb_groups_guest.nasl

Version: 1.34

Type: local

Agent: windows

Published: 3/15/2002

Updated: 2/4/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L