3 matches found
Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
By emulating the call to LsaQueryInformationPolicy, it was possible to obtain the host SID Security Identifier, without credentials. The host SID can then be used to get the list of local users. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56210; scriptversion"1.5"...
CVE-2000-1200
CVE-2000-1200 affects Windows NT where remote attackers can enumerate domain users by obtaining the domain SID with the LsaQueryInformationPolicy policy function through a null session, then using that SID to list users. Connected findings consolidate that attackers can enumerate the host/local u...
CVE-2000-1200
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users...