5 matches found
Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
By emulating the call to LsaQueryInformationPolicy, it was possible to obtain the host SID (Security Identifier) without credentials. The host SID can then be used to get the list of local users. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(56210); script_version("1.5");...
SMB Use Host SID to Enumerate Local Users Without Credentials
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system without credentials. (C) Tenable Network Security, Inc. @PREFERENCES@ include('compat.inc'); if (description) { script_id(56211); script_version("1.12");...
Microsoft Windows NT Null CIFS Sessions (CVE-2000-1200)
...
CVE-2000-1200
CVE-2000-1200 affects Windows NT where remote attackers can enumerate domain users by obtaining the domain SID with the LsaQueryInformationPolicy policy function through a null session, then using that SID to list users. Connected findings consolidate that attackers can enumerate the host/local u...
CVE-2000-1200
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users...