Hello,
I have Samba 3.0.28 installed on an AIX 5.3 server. Nessus shows that
Samba is the remote native lan manager. Nessus reports that "Using the
supplied credentials it was possible to extract the password policy for
the remote Windows host." I didn't enter credentials, so Nessus
obtained the password policy without network or server credentials. Can
someone explain what password policy Nessus is reporting below? I
removed the actual settings that were reported, but you can see the
attributes below. The settings don't match the AD password policy
settings, or, obviously, the AIX password policy. Did Nessus report a
default Windows password policy?
Thanks for any information you can provide.
Cathie
Port microsoft-ds (445/tcp)
SMB NativeLanMan
Synopsis :
It is possible to obtain information about the remote operating
system.
Description :
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : Unix
The remote native lan manager is : Samba 3.0.28
The remote SMB Domain Name is :
Obtains the password policy
Synopsis :
It is possible to retrieve the remote host's password policy using the
supplied credentials.
Description :
Using the supplied credentials it was possible to extract the password
policy for the remote Windows host. The password policy must be
conform to the Informational System Policy.
Risk factor :
None
Plugin output :
The following password policy is defined on the remote host:
Minimum password len: 5
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
Nessus ID : 17651
<http://www.nessus.org/plugins/index.php?view=single&id=17651>
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
EMAIL CONFIDENTIALITY NOTICE
This Email message, and any attachments, may contain confidential
patient health information that is legally protected. This information
is intended only for the use of the individual or entity named above.
The authorized recipient of this information is prohibited from disclosing
this information to any other party unless required to do so by law
or regulation and is required to destroy the information after its stated
need has been fulfilled. If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution, or action
taken in reliance on the contents of this message is strictly prohibited.
If you have received this information in error, please notify
the sender immediately by replying to this message and delete the
message from your system.
I have Samba 3.0.28 installed on an AIX 5.3 server. Nessus shows that
Samba is the remote native lan manager. Nessus reports that "Using the
supplied credentials it was possible to extract the password policy for
the remote Windows host." I didn't enter credentials, so Nessus
obtained the password policy without network or server credentials. Can
someone explain what password policy Nessus is reporting below? I
removed the actual settings that were reported, but you can see the
attributes below. The settings don't match the AD password policy
settings, or, obviously, the AIX password policy. Did Nessus report a
default Windows password policy?
Thanks for any information you can provide.
Cathie
Port microsoft-ds (445/tcp)
SMB NativeLanMan
Synopsis :
It is possible to obtain information about the remote operating
system.
Description :
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : Unix
The remote native lan manager is : Samba 3.0.28
The remote SMB Domain Name is :
Obtains the password policy
Synopsis :
It is possible to retrieve the remote host's password policy using the
supplied credentials.
Description :
Using the supplied credentials it was possible to extract the password
policy for the remote Windows host. The password policy must be
conform to the Informational System Policy.
Risk factor :
None
Plugin output :
The following password policy is defined on the remote host:
Minimum password len: 5
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
Nessus ID : 17651
<http://www.nessus.org/plugins/index.php?view=single&id=17651>
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
EMAIL CONFIDENTIALITY NOTICE
This Email message, and any attachments, may contain confidential
patient health information that is legally protected. This information
is intended only for the use of the individual or entity named above.
The authorized recipient of this information is prohibited from disclosing
this information to any other party unless required to do so by law
or regulation and is required to destroy the information after its stated
need has been fulfilled. If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution, or action
taken in reliance on the contents of this message is strictly prohibited.
If you have received this information in error, please notify
the sender immediately by replying to this message and delete the
message from your system.