Microsoft Windows SMB Registry : Registry HKLM_LOCAL_MACHINE Permissions

high Nessus Plugin ID 10427

Synopsis

System settings are writable by non-administrators.

Description

The registry key HKEY_LOCAL_MACHINE is writable by users who are not in the admin group.

This allows these users to create many keys on that machine, so they can probably gain admin privileges easily.

Such a configuration probably means that the system has been compromised.

Solution

Use regedt32 to set the permissions of this key to:

- admin group : Full Control
- system : Full Control
- everyone : Read
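
To check a host against the permission set above, the following PowerShell lists every Allow entry on HKEY_LOCAL_MACHINE that grants write-type rights to a principal other than the admin group or system. It is an added example, not part of the Nessus plugin; the function name Get-NonAdminWriteAce and the choice of which rights count as "write" are assumptions made for illustration.

```powershell
# Added example: flag Allow ACEs on HKEY_LOCAL_MACHINE that give write-type
# access to anyone other than the two principals the Solution allows.
$trustedSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18'        # NT AUTHORITY\SYSTEM
)

# Specific registry rights that modify the key (assumed definition of "write"),
# plus the generic bits that inheritable ACEs may carry instead.
$writeRights  = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
$genericWrite = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL

function Get-NonAdminWriteAce {
    param([string]$Path = 'HKLM:\')

    $acl     = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on localized account names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trustedSids -contains $sid) { continue }

        $mask = [int]$ace.RegistryRights
        if (($mask -band $writeRights) -or ($mask -band $genericWrite)) {
            # Resolve the SID to a name for the report; keep the SID if that fails.
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }
            [pscustomobject]@{
                Identity    = $name
                Sid         = $sid
                Rights      = $ace.RegistryRights
                Inherited   = $ace.IsInherited
                Propagation = $ace.PropagationFlags
            }
        }
    }
}

$findings = @(Get-NonAdminWriteAce)
if ($findings.Count -eq 0) { 'HKLM: no write access granted to non-admin principals' }
else { $findings | Format-Table -AutoSize }
```

An entry whose Propagation value includes InheritOnly does not apply to the key itself but is passed to newly created subkeys, so it is reported as well.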

Plugin Details

Severity: High

ID: 10427

File Name: smb_reg_hklm.nasl

Version: 1.28

Type: local

Agent: windows

Family: Windows

Published: 5/29/2000

Updated: 8/13/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_access, SMB/transport

Vulnerability Publication Date: 1/1/1995

Reference Information

CVE: CVE-1999-0589