Detections
Analytics

Microsoft Windows SMB Registry : Autologon Enabled

high Nessus Plugin ID 10412

Synopsis

Anyone can logon to the remote system.

Description

This script determines whether the autologon feature is enabled. This feature allows an intruder to log into the remote host as DefaultUserName with the password DefaultPassword.

Solution

Delete the keys AutoAdminLogon and DefaultPassword under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

See Also

http://support.microsoft.com/kb/315231

Plugin Details

Severity: High

ID: 10412

File Name: smb_reg_autologon.nasl

Version: 1.36

Type: local

Agent: windows

Family: Windows

Published: 5/20/2000

Updated: 8/16/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_access, SMB/transport

Reference Information

MSKB: 324737