[Samba] Nessus - SMB Use Host SID to Enumerate Local Users Without Credentials
Andrew Bartlett
abartlet at samba.org
Thu Dec 3 17:35:57 UTC 2020
On Thu, 2020-12-03 at 13:47 -0300, Edouard Guigné via samba wrote:
> Hello,
>
> I tested my samba share with nessus, and I found:
>
> "Using the host security identifier (SID), Nessus was able to
> enumerate local users on the remote Windows system, without credentials."
>
> My samba version is 4.10.16
>
> The samba server is configured as domain member (not AD), in order to
> serve only files.
>
> Is there a way to improve that security point?
See 'restrict anonymous'.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
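As an added example (not from this thread and not Samba project code), here is the weak default beside the corrected `restrict anonymous` setting in smb.conf, together with a small POSIX-shell audit that reads the effective value out of a config file. The workgroup, share name and paths are constructed, and the comments assume Samba's documented semantics where 0 is the default and 2 refuses anonymous SAMR and LSA requests.

```shell
#!/bin/sh
# Constructed sample of Samba's default: 'restrict anonymous = 0' leaves the
# SAMR and LSA pipes open to anonymous callers, the path the scanner finding describes.
WEAK_CONF=$(cat <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   restrict anonymous = 0

[data]
   path = /srv/data
EOF
)

# The same member server with the corrected value: 2 refuses anonymous SAMR and
# LSA requests (1 restricts only SAMR, which does not cover SID lookups via LSA).
HARDENED_CONF=$(cat <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   restrict anonymous = 2

[data]
   path = /srv/data
EOF
)

# restrict_anonymous_level FILE: print the effective 'restrict anonymous' value
# from the [global] section (0 when the parameter is absent, Samba's default).
restrict_anonymous_level() {
  awk '
    /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/); next }
    in_global && tolower($0) ~ /^[ \t]*restrict[ \t]+anonymous[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); level = $0
    }
    END { print (level == "" ? 0 : level) }
  ' "$1"
}

# audit_smb_conf FILE: exit 0 only when anonymous SAMR/LSA access is switched off.
audit_smb_conf() {
  level=$(restrict_anonymous_level "$1")
  if [ "$level" -ge 2 ] 2>/dev/null; then
    echo "$1: restrict anonymous = $level (anonymous SID lookups refused)"
    return 0
  fi
  echo "$1: restrict anonymous = $level (anonymous user enumeration possible)"
  return 1
}
```

On a live server, `testparm -s 2>/dev/null > /tmp/effective.conf` writes the effective configuration in the same format, so the audit can be run against the running settings rather than a hand-edited file.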