VID |
28348 |
Severity |
40 |
Port |
135 |
Protocol |
TCP |
Class |
WMI |
Detailed Description |
The remote system allows anonymous enumeration of SAM accounts and shares. Anonymous users can enumerate account names (users, computers and groups) and the names of network shares. A malicious user could anonymously list account names and then use this information to guess passwords or perform social engineering attacks.
* Platforms Affected: Microsoft Windows, any version |
Recommendation |
1. Run > SECPOL.MSC > Local Policies > Security Options. 2. Enable 'Network access: Do not allow anonymous enumeration of SAM accounts and shares'. |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|