| Field | Value |
|---|---|
| VID | 28023 |
| Severity | 30 |
| Port | 139 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description | The Windows system allows remote users to enumerate all user accounts using the domain SID. Windows provides the Win32 functions LookupAccountName and LookupAccountSid; called over a null-session connection, these functions allow ordinary users to retrieve the names of all user accounts, including the built-in administrator account, which Microsoft recommends renaming from "Administrator" to something else. |
| References | http://support.microsoft.com/default.aspx?scid=kb;[LN];143474 , http://support.microsoft.com/default.aspx?scid=kb;[LN];246261 , http://www.iss.net/security_center/static/171.php |
| Recommendation | The "restrict anonymous" setting provided by Microsoft does not mitigate this issue. Filter incoming connections to port 139. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |