Unrestricted SMB Access


Summary

Server Message Block (SMB) files shares are world accessible. SARA could access an SMB share. SARA could do a directory listing of the indicated share. An attempt was made write to the share. If it was successful, the label "(r/w)" was added to the SARA report element. of the directories.

The Problem

This vulnerability allows hackers to access files that have been "shared" to the world without the need of a password or special account.

Fix

Confirm that there are no open shares that allow universal access. For Windows 9x shares, add a password to the share under the Control Panel/Network. For Windows NT, be sure that both the administrator and guest accounts are password protected.

CVE Reference(s):