NeXpose Vulnerability Database

Anonymous users can obtain the Windows password policy

Severity: Critical (8)
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Aug 31, 2001
Added: Nov 1, 2004
Modified: Dec 4, 2007

Description:

Anonymous users can obtain the Windows password policy from the system by using CIFS NULL sessions. The password policy contains sensitive information about minimum password length, password lockout threshold, password lockout duration, etc.

Solution:

  • Microsoft Windows 2003, Microsoft Windows Server 2003, Standard Edition, Microsoft Windows Server 2003, Enterprise Edition, Microsoft Windows Server 2003, Datacenter Edition, Microsoft Windows Server 2003, Web Edition, Microsoft Windows Small Business Server 2003

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following values:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: RestrictAnonymousSAM
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: EveryoneIncludesAnonymous
          Data Type: REG_DWORD
          Data Value: 0

    and set the following value to 0 (or, alternatively, delete it):

          Value Name: TurnOffAnonymousBlock
          Data Type: REG_DWORD
          Data Value: 0

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

    with the following values:

          Value Name: RestrictNullSessAccess
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: NullSessionPipes
          Data Type: REG_MULTI_SZ
          Data Value: "" (empty string, without quotes)

    Open Local Security Settings, and disable the following setting:

           Security Settings -> Local Policies -> Security Options ->
           Network access: Allow anonymous SID/Name translation: Disabled

    Finally, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article Q246261 for more information.

  • Microsoft Windows XP, Microsoft Windows XP Home, Microsoft Windows XP Professional

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following values:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: RestrictAnonymousSAM
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: EveryoneIncludesAnonymous
          Data Type: REG_DWORD
          Data Value: 0

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\

    with the following values:

          Value Name: RestrictNullSessAccess
          Data Type: REG_DWORD
          Data Value: 1
          Value Name: NullSessionPipes
          Data Type: REG_MULTI_SZ
          Data Value: "" (empty string, without quotes)

    Open Local Security Settings, and disable the following setting:

           Security Settings -> Local Policies -> Security Options ->
           Network access: Allow anonymous SID/Name translation: Disabled

    Finally, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article Q246261 for more information.

  • Microsoft Windows 2000, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following value:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 2

    After modifying the registry, reboot the machine.

    Please note that disabling NULL sessions may have an adverse impact on functionality, as some applications and network environments may depend on them for proper operation. Refer to Microsoft Knowledge Base Article Q246261 for more information.

  • Microsoft Windows NT Server 4.0, Microsoft Windows NT Server, Enterprise Edition 4.0, Microsoft Windows NT Workstation 4.0

    Install Microsoft Windows NT 4.0 Service Pack 4

    Download and apply the upgrade from: http://support.microsoft.com/sp

  • Microsoft Windows NT, Microsoft Windows NT Workstation, Microsoft Windows NT Server, Microsoft Windows NT Advanced Server, Microsoft Windows NT Server, Enterprise Edition, Microsoft Windows NT Server, Terminal Server Edition

    Disable NULL sessions

    Modify the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

    with the following value:

          Value Name: RestrictAnonymous
          Data Type: REG_DWORD
          Data Value: 1

    After modifying the registry, reboot the machine.

    It is important to note that on Windows NT 4.0 systems, setting this registry entry will still leave the system open to various attacks, including brute-force enumeration of users and groups. A complete solution for Windows NT 4.0 systems is not available.

  • Samba on Linux

    Restrict anonymous access

    To restrict anonymous access to Samba, modify your "smb.conf" settings as follows:

          guest account = nosuchuser
          restrict anonymous = yes

    Note: Make sure you do NOT list a user "nosuchuser" in your password file.

  • Novell NetWare

    Novell NetWare CIFS

    As of May 9, 2007, Novell NetWare CIFS does not provide a workaround for this vulnerability.
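
An audit of the registry values from the Windows XP / Server 2003 steps above, as an added example that is not part of the NeXpose entry: it parses saved `reg query` output for the two keys and reports every value that deviates. The `reg query` text layout, the function names and the sample are assumptions; Windows 2000 and NT use different RestrictAnonymous values and are not covered.

```python
import re
# Hardened values from the Windows XP / Server 2003 steps on this page.
BASELINE = {
    r"control\lsa": {"RestrictAnonymous": 1, "RestrictAnonymousSAM": 1,
                     "EveryoneIncludesAnonymous": 0, "TurnOffAnonymousBlock": 0},
    r"services\lanmanserver\parameters": {"RestrictNullSessAccess": 1,
                                          "NullSessionPipes": []},
}
OPTIONAL = {"TurnOffAnonymousBlock"}  # the page allows deleting it, so absent is fine
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Parse `reg query` text (assumed reg.exe layout) into {key: {value: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().rstrip("\\").lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, kind, data = m.group(1).lower(), m.group(2), m.group(3).strip()
            if kind == "REG_DWORD":
                data = int(data, 16)  # reg.exe prints DWORDs as 0x...
            elif kind == "REG_MULTI_SZ":
                data = [s for s in data.split("\\0") if s]  # entries joined by a literal \0
            current[name] = data
    return keys

def audit(text):
    """List (value name, found, expected) for each deviation from BASELINE."""
    parsed, findings = parse_reg_query(text), []
    for suffix, expected in BASELINE.items():
        found = next((v for k, v in parsed.items() if k.endswith(suffix)), {})
        for name, want in expected.items():
            got = found.get(name.lower())
            if got != want and not (got is None and name in OPTIONAL):
                findings.append((name, got, want))
    return findings

# Constructed sample, not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
    EveryoneIncludesAnonymous    REG_DWORD    0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x1
    NullSessionPipes    REG_MULTI_SZ    COMNAP\0COMNODE\0browser
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A required value that is missing from the output is reported with `None` as the found value, so an incomplete capture is flagged rather than passed.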



Information on these pages is summary information extracted from the NeXpose Vulnerability Assessment system. Full details are provided within the NeXpose product for licensed users.