Our NethServer Container IP for LDAP and Samba AD is coming back with the following alert by our Nessus Vulnerability Scanner.
HIGH Microsoft Windows SMB NULL Session Authentication
The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password).
Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.
Apply the following registry changes per the referenced Technet advisories :
Reboot once the registry changes are complete.
It was possible to bind to the \browser pipe
Obviously this is not a windows device. Is this related to the “Strong Passwords” on/off setting in NethServer settings, something else or maybe a false alert in general?
Any help would be greatly appreciated.