Ebuka John Onyejegbu


Microsoft Windows SMB NULL Session Authentication

August 9, 2022

Vulnerability: Microsoft Windows SMB NULL Session Authentication

Severity: High

Description: The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.

Solution: Apply the following registry changes per the referenced Technet advisories:

Set:

  • HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Steps

Run regedit to open Registry Editor.

Navigate to the following registry entry and set the value of RestrictAnonymous to 1:

HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous

Navigate to the following registry entry and set the value of restrictnullsessaccess to 1:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess
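The same steps can be scripted so that many hosts are checked consistently. The PowerShell below is an added example, not part of the original post: it reports the current state of both values and writes them only when called with `-Apply`. The function name and the `-Apply` switch are hypothetical, and it assumes an elevated session and that both values are stored as DWORDs.

```powershell
# Added example: audit (and optionally set) the two registry values named in this post.
# The function name and the -Apply switch are hypothetical. Run from an elevated prompt.
function Set-NullSessionRestriction {
    [CmdletBinding()]
    param([switch]$Apply)   # without -Apply the function only reports

    # Registry paths and value names are the ones listed under "Solution" above.
    $targets = @(
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA'
           Name = 'RestrictAnonymous'
           Want = 1 },
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
           Name = 'restrictnullsessaccess'
           Want = 1 }
    )

    foreach ($t in $targets) {
        # A missing key or value yields $null instead of an error.
        $prop = Get-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue
        $current = if ($prop) { $prop.($t.Name) } else { $null }
        $ok = ($null -ne $current) -and ($current -eq $t.Want)

        if (-not $ok -and $Apply) {
            # -Force creates the value if absent or overwrites it in place.
            New-ItemProperty -Path $t.Path -Name $t.Name -Value $t.Want `
                -PropertyType DWord -Force | Out-Null
            $current = (Get-ItemProperty -Path $t.Path -Name $t.Name).($t.Name)
            $ok = ($current -eq $t.Want)
        }

        # Show unset values explicitly so they are not mistaken for 0.
        $shown = if ($null -eq $current) { '<not set>' } else { $current }
        [pscustomobject]@{
            Path      = $t.Path
            Name      = $t.Name
            Current   = $shown
            Expected  = $t.Want
            Compliant = $ok
        }
    }
}

# Audit only; use "Set-NullSessionRestriction -Apply" to write the values.
Set-NullSessionRestriction | Format-Table -AutoSize
```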

Posted in Vulnerability Remediation