Network Security: Detailed info on Possible bug in plugin 10394

Subject:	Possible bug in plugin 10394
Date:	Wed, 10 Nov 2004 15:56:01 +0100

Subject:

Possible bug in plugin 10394

Date:

Wed, 10 Nov 2004 15:56:01 +0100

We believe there is a bug in pluing 10394.

We get this message on a patched/fixed Windows 2003 server.

---
It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access

To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
---

According to various documentations and the links in the message, this message shouldn't show up, with the patches/changes we have done to the server, and because of that we believe this to be a false positive.

What do you guys think about it?

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

<Prev in Thread]	Current Thread	[Next in Thread>
Possible bug in plugin 10394, Jesper S. Jensen Possible bug in plugin 10394, Jesper S. Jensen <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	schedule a scan, Grant Baker
Next by Date:	Re: schedule a scan, Erik Stephens
Previous by Thread:	Possible bug in plugin 10394, Jesper S. Jensen
Next by Thread:	schedule a scan, Grant Baker
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

schedule a scan, Grant Baker

Next by Date:

Re: schedule a scan, Erik Stephens

Previous by Thread:

Possible bug in plugin 10394, Jesper S. Jensen

Next by Thread:

schedule a scan, Grant Baker

Indexes:

[Date] [Thread] [Top] [All Lists]