Discussion:
[Openvas-discuss] SMB Brute Force Logins With Default Credentials
Helmut Koers
2016-09-01 06:57:42 UTC
Permalink
A recent scan shows a lot of "SMB Brute Force Logins With Default
Credentials" on a single host. The details is always "It was possible to
login with the following credentials via the SMB protocol.
<User>:<Password>" with different user/password combinations.

The related host seems to have a guest sessions with any credentials
allowed .

Is it supposed to result in multiple vulnerabilities, or shouldn't this
just result in one vulnerability?

Thanks,
Helmut
Schwarz Stefan
2016-09-01 07:47:01 UTC
Permalink
Helmut,

i have an open support-ticket on that issue. There was a fix on that NVT
some weeks before, but now it seems to me that this is only related to SMB
on Linux. It seems to be fixed on Windows-machines. It shouldn't be a
vulnerability at all.

Stefan


-----Ursprüngliche Nachricht-----
Von: Openvas-discuss [mailto:openvas-discuss-***@wald.intevation.org] Im
Auftrag von Helmut Koers
Gesendet: Donnerstag, 1. September 2016 08:58
An: openvas-***@wald.intevation.org
Betreff: [Openvas-discuss] SMB Brute Force Logins With Default Credentials

A recent scan shows a lot of "SMB Brute Force Logins With Default
Credentials" on a single host. The details is always "It was possible to
login with the following credentials via the SMB protocol.
<User>:<Password>" with different user/password combinations.

The related host seems to have a guest sessions with any credentials allowed
.

Is it supposed to result in multiple vulnerabilities, or shouldn't this just
result in one vulnerability?

Thanks,
Helmut
Antu Sanadi
2016-09-01 10:21:23 UTC
Permalink
Hi,

Fixed the issue, updated NVT will be available in coming OpenVAS feed.

Thanks for reporting!

Regards,
Antu Sanadi
Post by Schwarz Stefan
Helmut,
i have an open support-ticket on that issue. There was a fix on that NVT
some weeks before, but now it seems to me that this is only related to SMB
on Linux. It seems to be fixed on Windows-machines. It shouldn't be a
vulnerability at all.
Stefan
-----Ursprüngliche Nachricht-----
Auftrag von Helmut Koers
Gesendet: Donnerstag, 1. September 2016 08:58
Betreff: [Openvas-discuss] SMB Brute Force Logins With Default Credentials
A recent scan shows a lot of "SMB Brute Force Logins With Default
Credentials" on a single host. The details is always "It was possible to
login with the following credentials via the SMB protocol.
<User>:<Password>" with different user/password combinations.
The related host seems to have a guest sessions with any credentials allowed
.
Is it supposed to result in multiple vulnerabilities, or shouldn't this just
result in one vulnerability?
Thanks,
Helmut
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html
Loading...