Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration
Medium Nessus Plugin ID 18602
SynopsisThe remote host allows null session event log reading.
DescriptionIt is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe and binding to the event log service, OpenEventLog().
An attacker may use this flaw to anonymously read the system logs of the remote host. As system logs typically include valuable information, an attacker may use them to perform a better attack against the remote host.
SolutionInstall the Update Rollup Package 1 (URP1) for Windows 2000 SP4 or set the value RestrictGuestAccess on the Applications and System logs.