Can anyone explain this vulnerability in more detail "Service Enum Through SMB ServiceEnum2"

cancel
Showing results for 
Search instead for 
Did you mean: 

Can anyone explain this vulnerability in more detail "Service Enum Through SMB ServiceEnum2"

Not applicable

I am trying to find more detail on what this vulnerability is and what could possibly be triggering it in a Windows Server environment.  I am thinking that it might be a mis-configured service or application native to Windows Server but looking for a system expert to confirm or deny that theory.

When I look it up in the Threat Vault all it says is the flowing (which is far from helpful):

Service Enum Through SMB ServiceEnum2

Overview

Attack NameService Enum Through SMB ServiceEnum2
DescriptionRemote Enum Service Through SMB By ServiceEnum2 function number
Threat ID30867
Referenceshttps://threatvault.paloaltonetworks.com/Home/ThreatDetail/30867
Severityinformational
Categoryinfo-leak
1 ACCEPTED SOLUTION

Accepted Solutions

L6 Presenter

Someone or something tried to list which users are logged in to your server by using the SMB ServiceEnum2 function.

This is classified as informational so its in most cases nothing bad.

But it can be worth investigating which ipaddresses performs these lookups and perhaps whitelist those and then trigger an alert if someone else other than these sourceip's performs such enumeration (for example an intruder).

For more information (similar stuff):

http://nmap.org/nsedoc/scripts/smb-enum-users.html

- SMB enum services over \srvsvc infos SecuObs - L'observatoire de la sécurite internet - Si...

View solution in original post

1 REPLY 1

L6 Presenter

Someone or something tried to list which users are logged in to your server by using the SMB ServiceEnum2 function.

This is classified as informational so its in most cases nothing bad.

But it can be worth investigating which ipaddresses performs these lookups and perhaps whitelist those and then trigger an alert if someone else other than these sourceip's performs such enumeration (for example an intruder).

For more information (similar stuff):

http://nmap.org/nsedoc/scripts/smb-enum-users.html

- SMB enum services over \srvsvc infos SecuObs - L'observatoire de la sécurite internet - Si...

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!