|
Title: Null sessions Post by: Hack_80 on June 19, 2008, 03:57:40 AM Hi,
I m using windows 2k machines and while scaning through ISS scanner i found vulnerability for Null sessions. I disabled the features for null session thru registry [HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous:Reg_Dwor d:0x1] still the vulnerability is detected for the same. Kindly help for solutions thankx Title: Re: Null sessions Post by: BillV on June 19, 2008, 10:36:31 AM Have you tried actually creating a null session with the machine? It very well could just be a false-positive from you vulnerability scanner.
BillV Title: Re: Null sessions Post by: phn1x on June 19, 2008, 11:40:24 AM It's not necessarily a false positive, it's just a lack of understanding of named pipes.
Windows 2000 Null session restrictions has 3 values. Value 0. No restrictions Value 1. Prevent direct enumeration of accounts and groups using the samr named pipe. But... There are 6 hardcoded named pipes in win2k Value 2. Prevent Null sessions (anonymous connections to the IPC$) So, To solve your problem change the registry value to 2, and re scan! Your problem should go away
Powered by SMF 1.1.7 |
SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com |