[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network security: Allow LocalSystem NULL session fallback

ID: oval:org.secpod.oval:def:40304Date: (C)2017-04-25   (M)2018-11-15
Class: COMPLIANCEFamily: windows




Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Vulnerability: NULL sessions are less secure because by definition they are unauthenticated. Counter Measure: Configure Network security: Allow LocalSystem NULL session fallback to Disabled. Potential Impact: Any applications that require NULL sessions for LocalSystem will not work as designed. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0!allownullsessionfallback

Platform:
Microsoft Windows Server 2016
Reference:
CCE-47296-9
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-47296-9
XCCDF    4
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
...

© SecPod Technologies