Search...

Microsoft Windows: Require strong session key

2018-06-01T00:00:00

ID OPENVAS:1361412562310109160
Type openvas
Reporter Copyright (c) 2018 Greenbone Networks GmbH
Modified 2018-09-21T00:00:00

Description

This test checks the setting for policy

                                        
                                            ##############################################################################
# OpenVAS Vulnerability Test
# $Id: win_domain_require_strong_session_key.nasl 11532 2018-09-21 19:07:30Z cfischer $
#
# Check value for Domain member: Require strong session key
#
# Authors:
# Emanuel Moss &lt;emanuel.moss@greenbone.net&gt;
#
# Copyright:
# Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.109160");
  script_version("$Revision: 11532 $");
  script_tag(name:"last_modification", value:"$Date: 2018-09-21 21:07:30 +0200 (Fri, 21 Sep 2018) $");
  script_tag(name:"creation_date", value:"2018-06-01 15:03:15 +0200 (Fri, 01 Jun 2018)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:S/C:N/I:N/A:N");
  script_tag(name:"qod", value:"97");
  script_name('Microsoft Windows: Require strong session key');
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2018 Greenbone Networks GmbH");
  script_family("Policy");
  script_dependencies("smb_reg_service_pack.nasl");
  script_add_preference(name:"Status", type:"radio", value:"1;0");
  script_mandatory_keys("Compliance/Launch");
  script_tag(name:"summary", value:"This test checks the setting for policy
'Domain member: Require strong session key' on Windows hosts (at least Windows 7).

The policy setting determines whether a secure channel can be established with a
domain controller that is not capable of encrypting secure channel traffic with
a 128-bit session key. Enabling the setting prevents establishing a secure
channel with any domain controller that cannot encrypt secure channel data with
a strong key. Disabling the policy setting allows 64-bit session keys.");
  exit(0);
}

include("smb_nt.inc");
include("policy_functions.inc");

if(!get_kb_item("SMB/WindowsVersion")){
  policy_logging(text:'Host is no Microsoft Windows System or it is not possible
to query the registry.');
  exit(0);
}

if(get_kb_item("SMB/WindowsVersion") &lt; "6.1"){
  policy_logging(text:'Host is not at least a Microsoft Windows 7 system.
Older versions of Windows are not supported any more. Please update the
Operating System.');
  exit(0);
}

type = 'HKLM';
key = 'SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters';
item = 'RequireStrongKey';
title = 'Domain member: Require strong (Windows 2000 or later) session key';
fixtext = 'Set following UI path accordingly:
Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/' + title;
default = script_get_preference('Status');
value = registry_get_dword(key:key, item:item, type:type);
value = chomp(value);

if( value == ''){
  value = '0';
}

if(int(value) == int(default)){
  compliant = 'yes';
}else{
  compliant = 'no';
}

policy_logging(text:'"' + title + '" is set to: ' + value);
policy_add_oid();
policy_set_dval(dval:default);
policy_fixtext(fixtext:fixtext);
policy_control_name(title:title);
policy_set_kb(val:value);
policy_set_compliance(compliant:compliant);

exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310109160", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft Windows: Require strong session key", "description": "This test checks the setting for policy\n", "published": "2018-06-01T00:00:00", "modified": "2018-09-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310109160", "reporter": "Copyright (c) 2018 Greenbone Networks GmbH", "references": [], "cvelist": [], "lastseen": "2018-09-24T18:09:19", "viewCount": 0, "enchantments": {"score": {"value": -0.6, "vector": "NONE", "modified": "2018-09-24T18:09:19", "rev": 2}, "dependencies": {"references": [], "modified": "2018-09-24T18:09:19", "rev": 2}, "vulnersScore": -0.6}, "pluginID": "1361412562310109160", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: win_domain_require_strong_session_key.nasl 11532 2018-09-21 19:07:30Z cfischer $\n#\n# Check value for Domain member: Require strong session key\n#\n# Authors:\n# Emanuel Moss <emanuel.moss@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.109160\");\n script_version(\"$Revision: 11532 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-21 21:07:30 +0200 (Fri, 21 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-01 15:03:15 +0200 (Fri, 01 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:S/C:N/I:N/A:N\");\n script_tag(name:\"qod\", value:\"97\");\n script_name('Microsoft Windows: Require strong session key');\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH\");\n script_family(\"Policy\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_add_preference(name:\"Status\", type:\"radio\", value:\"1;0\");\n script_mandatory_keys(\"Compliance/Launch\");\n script_tag(name:\"summary\", value:\"This test checks the setting for policy\n'Domain member: Require strong session key' on Windows hosts (at least Windows 7).\n\nThe policy setting determines whether a secure channel can be established with a\ndomain controller that is not capable of encrypting secure channel traffic with\na 128-bit session key. Enabling the setting prevents establishing a secure\nchannel with any domain controller that cannot encrypt secure channel data with\na strong key. Disabling the policy setting allows 64-bit session keys.\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"policy_functions.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n policy_logging(text:'Host is no Microsoft Windows System or it is not possible\nto query the registry.');\n exit(0);\n}\n\nif(get_kb_item(\"SMB/WindowsVersion\") < \"6.1\"){\n policy_logging(text:'Host is not at least a Microsoft Windows 7 system.\nOlder versions of Windows are not supported any more. Please update the\nOperating System.');\n exit(0);\n}\n\ntype = 'HKLM';\nkey = 'SYSTEM\\\\CurrentControlSet\\\\Services\\\\Netlogon\\\\Parameters';\nitem = 'RequireStrongKey';\ntitle = 'Domain member: Require strong (Windows 2000 or later) session key';\nfixtext = 'Set following UI path accordingly:\nComputer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/' + title;\ndefault = script_get_preference('Status');\nvalue = registry_get_dword(key:key, item:item, type:type);\nvalue = chomp(value);\n\nif( value == ''){\n value = '0';\n}\n\nif(int(value) == int(default)){\n compliant = 'yes';\n}else{\n compliant = 'no';\n}\n\npolicy_logging(text:'\"' + title + '\" is set to: ' + value);\npolicy_add_oid();\npolicy_set_dval(dval:default);\npolicy_fixtext(fixtext:fixtext);\npolicy_control_name(title:title);\npolicy_set_kb(val:value);\npolicy_set_compliance(compliant:compliant);\n\nexit(0);", "naslFamily": "Policy"}