Hydra: SMB

High severity | Nessus Plugin ID 15884

Synopsis

It may be possible to determine SMB passwords by brute force.

Description

This plugin runs Hydra to find SMB accounts and passwords by brute force, using the smb2 module.

To use this plugin, Hydra must be installed on the same machine as your scanner.

To configure a scan policy to use Hydra, go to 'Assessment > Brute Force' and check the 'Always enable Hydra (slow)' option, then apply the relevant settings.

Solution

Always use unique, complex passwords. Change the passwords for the affected accounts.

See Also

https://www.kali.org/tools/hydra/

Plugin Details

Severity: High

ID: 15884

File Name: hydra_smb.nasl

Version: 1.20

Type: remote

Published: 12/1/2004

Updated: 5/1/2023

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the potential security risk.

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Vulnerability Information

Required KB Items: Secret/hydra/passwords_file, /tmp/hydra/force_run, Secret/hydra/logins_file