| VID |
28035 |
| Severity |
20 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The system allows the outsider to connect the your system by using Dial-Up Networking.
The registry key "NoDialIn" is used to determine whether Dial-In capabilities are enabled or not. If this key is unset, it means that it's possible for the outsider to connect to a Windows machine with a modem on the internal network by using Dial-up Networking. Due to this misconfiguration, a remote attacker can surmount firewall restrictions and especially in a corporate environment it can cause a major security risk. For preventing unauthorized access to the system, you should prevent the outsider to connect the your system by using Dial-Up Networking by setting this configuration appropriately.
* Registry Settings:
>> User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
>> System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Network]
>> Value Name: NoDialIn
>> Data Type: REG_DWORD (DWORD Value)
>> Value Data: (0 = dial-in enabled, 1 = dial-in disabled)
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.eeye.com/html/Products/Retina/RTHs/Accounts/922.html
http://www.winguides.com/registry/display.php/131
* Platforms Affected:
Microsoft Windows 95/98/ME
Microsoft Windows NT/2000/XP/2003 |
| Recommendation |
Set the value data of the registry key appropriately.
1. Open your registry and find User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network] and System Key: [HKEY_LOCAL_MACHINE\Sof
tware\Microsoft\Windows\CurrentVersion\Policies\Network].
2. Create a new DWORD value, or modify the existing value, called "NoDialIn".
3. Set it to "1" to enable the restriction.
4. Exit your registry, you may need to restart or log out of Windows for the change to take effect. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
