SMB Signing not required

medium Nessus Plugin ID 57608


Signing is not required on the remote SMB server.


Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.


Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

See Also

Plugin Details

Severity: Medium

ID: 57608

File Name: smb_signing_disabled.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 1/19/2012

Updated: 10/5/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Based on analysis of vulnerability


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: manual


Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/17/2012