Remote SMB Server Login


Summary

Remote login access to SMB server from arbitrary hosts.

Impact

The machine can be taken over by any malicious (super)user on the network.

The problem

When the remote login (e.g., administrator, guest) trusts every host on the network without the need for a password, a malicious user on an arbitrary host can gain access as the trusting login account. Once inside, the intruder can replace system programs or configuration files and control the machine.

Fix

Insure that the common accounts (e.g., administrator [both local and network] and guest) have bullet-proof passwords.

CVE Reference(s):