Nessus Scan - Microsoft Windows SMB NULL Session Authentication

Our NethServer Container IP for LDAP and Samba AD is coming back with the following alert by our Nessus Vulnerability Scanner.


HIGH Microsoft Windows SMB NULL Session Authentication
Description
The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password).

Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.
Solution
Apply the following registry changes per the referenced Technet advisories :
Set :

  • HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Reboot once the registry changes are complete.
See Also
http://www.nessus.org/u?5c2589f6
http://www.nessus.org/u?899b4072
http://www.nessus.org/u?a33fe205
Output
It was possible to bind to the \browser pipe


Obviously this is not a Windows device. Is this related to the “Strong Passwords” on/off setting in NethServer settings, something else, or maybe a false alert in general?

Any help would be greatly appreciated.

Just some more info to evaluate:


Thank you for these links to further dig in on this. I did come across a few of these myself and have them bookmarked as well for additional reading. I also wanted to get a specific post on this on the NethServer forums as well. I’ll report back at some point on how I make out with this.

At least it is possible to enumerate users and shares without being joined to the domain.
I’m no expert so will leave further evaluation to more experienced users.
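An added example, not code from this thread or from the NethServer project, covering both the scanner finding in the first post and the anonymous user/share enumeration mentioned in the last reply. It does two things: reproduces what the scanner did, an anonymous (NULL session) share listing and RPC user enumeration with the Samba client tools, and audits an smb.conf for the Samba-side equivalent of the Windows RestrictAnonymous registry change, which is `restrict anonymous = 2` in the `[global]` section (NULL session access is a Samba setting, not a password-policy one). The target address, the sample smb.conf contents and the temp-file paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the forum thread or the NethServer project).
# Part 1: probe_null_session HOST  - reproduce the Nessus finding by hand
#         (needs the samba-client tools and network access to the target).
# Part 2: audit_smb_conf FILE      - check [global] for "restrict anonymous".
set -u

# NULL session = empty username, no password (-N suppresses the prompt).
# Returns 0 if either anonymous probe succeeded, 1 if both were refused.
probe_null_session() {
    local host="$1" hit=1
    if smbclient -N -U '' -L "//${host}" >/dev/null 2>&1; then
        echo "NULL session share listing succeeded on ${host}"; hit=0
    fi
    # rpcclient prints "user:[name] rid:[0x...]" for each enumerated account
    if rpcclient -N -U '' "$host" -c 'enumdomusers' 2>/dev/null | grep -q 'user:'; then
        echo "NULL session user enumeration succeeded on ${host}"; hit=0
    fi
    return $hit
}

# Print the effective "restrict anonymous" value from an smb.conf.
# Samba ignores case and whitespace in parameter names, so "RestrictAnonymous=1"
# and "restrict anonymous = 1" are the same; an absent parameter means 0.
restrict_anonymous_value() {
    awk -F'=' '
        /^[[:space:]]*\[/ {                      # section header
            sec = tolower($0); gsub(/[[:space:]]/, "", sec)
            in_global = (sec == "[global]"); next
        }
        in_global {
            key = tolower($1); gsub(/[[:space:]]/, "", key)
            if (key == "restrictanonymous") { val = $2; gsub(/[[:space:]]/, "", val); last = val }
        }
        END { print (last == "" ? "0" : last) }
    ' "$1"
}

# Verdict. Value 2 denies anonymous IPC$ connections, which is what the
# scanner used to bind the \browser pipe; 1 only hides the share list.
audit_smb_conf() {
    local val
    val=$(restrict_anonymous_value "$1")
    case "$val" in
        2) echo "OK: restrict anonymous = 2 (anonymous IPC\$ denied)"; return 0 ;;
        1) echo "WEAK: restrict anonymous = 1 (share list hidden, NULL session still allowed)"; return 1 ;;
        *) echo "VULNERABLE: restrict anonymous = ${val} (NULL sessions allowed)"; return 1 ;;
    esac
}

# Constructed sample smb.conf (hypothetical realm and paths, not a real host).
# $1 = output file, $2 = extra [global] line (may be empty)
write_sample_conf() {
    cat >"$1" <<EOF
[global]
    workgroup = EXAMPLE
    realm = AD.EXAMPLE.TEST
    server role = active directory domain controller
    ${2}

[netlogon]
    path = /var/lib/samba/sysvol/ad.example.test/scripts
    read only = No
EOF
}

WEAK_CONF=$(mktemp); write_sample_conf "$WEAK_CONF" ""
HARD_CONF=$(mktemp); write_sample_conf "$HARD_CONF" "restrict anonymous = 2"
audit_smb_conf "$WEAK_CONF" || true    # VULNERABLE: restrict anonymous = 0
audit_smb_conf "$HARD_CONF" || true    # OK: restrict anonymous = 2
# Against a live host (address is a placeholder): probe_null_session 192.0.2.10
```

Run the probe before and after the change to confirm the scanner result goes away. Two caveats: NethServer generates smb.conf from templates, so the `restrict anonymous = 2` line has to go through its custom-template mechanism rather than a direct edit of the file, and the Samba documentation warns that denying anonymous IPC$ connections can break some older clients, so test domain-joined machines after applying it.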