Nessus Scan - Microsoft Windows SMB NULL Session Authentication

Our NethServer Container IP for LDAP and Samba AD is coming back with the following alert by our Nessus Vulnerability Scanner.

HIGH Microsoft Windows SMB NULL Session Authentication
The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password).

Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.
Apply the following registry changes per the referenced Technet advisories :
Set :

  • HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
  • HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1

Reboot once the registry changes are complete.
See Also
It was possible to bind to the \browser pipe

Obviously this is not a Windows device. Is this related to the “Strong Passwords” on/off setting in NethServer settings, something else, or maybe a false alert in general?

Any help would be greatly appreciated.

Just some more info to evaluate:

Thank you for these links to further dig in on this. I did come across a few of these myself and have them bookmarked as well for additional reading. I also wanted to get a specific post on this on the Nethserver forums as well. I’ll report back at some point on how I make out with this.

At least it is possible to enumerate users and shares without being joined to the domain.
I’m no expert so will leave further evaluation to more experienced users.