nbperm (NetBIOS weak passwords)

Vulnerability Description

Brief description: NetBIOS shares with weak passwords are susceptible to brute force password attacks.

Full description: A NetBIOS share is a directory on a disk that is configured to be mountable by other hosts. If access to the share is controlled by a weak password, an attacker could attempt to guess passwords in order to gain access to the share.

Components: NetBIOS share; trusted.

Systems: Windows 95/98, NT, OS/2, versions of UNIX running Samba.

Effect(s) of exploiting: The attacker gains access to the share and its files.

Detecting the hole:

1. If the password is too short or contains only alphabetic characters, it is weak. In general, if the password is easy to guess, it is weak.

Fixing the hole:

1. Change the password on the share to something that is hard to guess.

Other information:

Keywords

NetBIOS share password access control

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0518 -- A NETBIOS/SMB share password is guessable.

Exploit Information

Attack: Guess the password, and use to mount the share.

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

1. Eric Haugh (6/29/2000):
   Initial entry.