
sa_05.txt

12 Oct 2000 00:00:00 | Reported by nsfocus.com | Type: packetstorm | Source: packetstormsecurity.com

Vulnerability in Microsoft Windows 9x NETBIOS allows unauthorized access to shared files.

`  
NSFOCUS Security Advisory (SA2000-05)  
Topic: Microsoft Windows 9x NETBIOS password verification  
vulnerability  
Release Date: August 24, 2000  
Affected System:  
================  
- Microsoft Windows 95  
- Microsoft Windows 98  
- Microsoft Windows 98 Second Edition  
Non-affected System:  
====================  
- Windows NT 4.0  
- Windows 2000  
Impact:  
==========  
A vulnerability exists in the password verification scheme used by the  
Microsoft Windows 9x NETBIOS protocol implementation. This  
vulnerability allows any user to access a password-protected Windows 9x  
file sharing service. The attacker does not have to know the  
share password.  
Description:  
=============  
You can set a password to protect a Microsoft Windows 9x system's shared  
resources, but a vulnerability exists in the password verification  
scheme used by the Microsoft Windows 9x NETBIOS protocol  
implementation. When the server verifies the password, the number of  
bytes it compares is taken from the length of the data sent by the  
client. That is, if a client sets the password length to 1 byte and  
sends the packet to the server, the server compares only the first byte  
of the shared password, and if it matches, verification succeeds.  
All an attacker needs to do is guess the first byte of the password  
on the victim system.  
The Windows 9x remote management system is also affected because it  
uses the same shared password authentication method.  
Workaround:  
=========  
Disable the Microsoft file sharing service.  
Microsoft has been informed.  
DISCLAIMER:  
==========  
THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT  
WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS  
OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO  
EVENT SHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING  
DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS  
OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE  
POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUCTION OF THE  
INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.  
©Copyright 1999-2000 NSFOCUS. All Rights Reserved. Terms of use.  
NSFOCUS Security Team <[email protected]>  
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD  
(http://www.nsfocus.com)  
  
©Copyright 2000 NSFOCUS Information Technology Co.,Ltd. All Rights  
Reserved.  
Contact:[email protected]   
`
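
The length-handling flaw described in the advisory, modeled beside a corrected check, as an added example. This is not Microsoft's or NSFOCUS's code; the function names, buffer layout and sample password are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the flawed check: the number of bytes compared
 * is the length supplied in the client's packet, so the stored
 * password's real length never constrains the match. */
int verify_vulnerable(const unsigned char *stored, size_t stored_len,
                      const unsigned char *client, size_t client_len)
{
    if (client_len > stored_len)   /* only keeps this model from over-reading */
        return 0;
    return memcmp(stored, client, client_len) == 0;
}

/* Corrected check: the server-side length is authoritative. The lengths
 * must match exactly, and every byte is compared without an early exit
 * so that timing does not reveal the position of a mismatch. */
int verify_fixed(const unsigned char *stored, size_t stored_len,
                 const unsigned char *client, size_t client_len)
{
    unsigned char diff = 0;
    size_t i;

    if (client_len != stored_len)
        return 0;
    for (i = 0; i < stored_len; i++)
        diff |= (unsigned char)(stored[i] ^ client[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const unsigned char stored[] = "SECRET";
    const unsigned char prefix[] = "S";

    printf("1-byte prefix, flawed check:    %d\n",
           verify_vulnerable(stored, 6, prefix, 1));
    printf("1-byte prefix, corrected check: %d\n",
           verify_fixed(stored, 6, prefix, 1));
    printf("full password, corrected check: %d\n",
           verify_fixed(stored, 6, stored, 6));
    return 0;
}
```

With the flawed check the effective strength of any share password is a single byte, regardless of how long the configured password is.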
