Re: samba security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2004-06-21 at 16:04, Paul Bradshaw wrote:
> 
> Hi there,
> 
> I scanned my Fedora server with NeWT and found this - should I be 
> concerned about it? 
> 
> Thanks,
> 
> ...Paul
> 
> 
> microsoft-ds (445/tcp)
> 
> 	
> 	
> It was possible to log into the remote host using the following
> login/password combinations :
> 'administrator'/''
> 'administrator'/'administrator'
> 'guest'/''
> 'guest'/'guest'


Of course you should be concerned! Any good admin would.  :)

I just went through this with a security scan using nessus.  Not sure
about NeWT but I think it gets this based on the simple ID of the
service running on the port.  

Best thing to do is actually try and login in from a remote system using
those ids and passwords.  I found that I was not able to login using
those ids/passwords or with null passwords.  

I suspect that both applications are using the same test code and report
similar issues when there is no real issue.  Need to review the code to
see what they really are doing and why they send back a false positive
like this.

If you manually check it and it is secure then you don't need to worry.

-- 
Scot L. Harris
[email protected]

Man belongs wherever he wants to go.
		-- Wernher von Braun 



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux