SMB Use Host SID to Enumerate Local Users Without Credentials

Medium Nessus Plugin ID 56211


Nessus was able to enumerate local users, without credentials.


Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system, without credentials.



Plugin Details

Severity: Medium

ID: 56211

File Name: smb_sid2localuser_null_session.nasl

Version: $Revision: 1.6 $

Type: remote

Agent: windows

Published: 2011/09/15

Modified: 2017/01/30

Dependencies: 56210, 10150, 10394

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:C


Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/null_session/host_sid

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1998/04/28

Reference Information

CVE: CVE-2000-1200

BID: 959

OSVDB: 714, 715