SMB Signing not required vulnerability

Description:

When SMB signing is not required, an attacker is able to perform a man-in-the-middle attack on the communication between the SMB server and the client. This vulnerability is caused by an SMB misconfiguration. It leads to MITM and SMB relay attacks.

Impacts

An attacker can exploit the vulnerability in various ways, as follows.
1.    MITM (man-in-the-middle attack)
The attacker can modify the communication channel between the SMB server and the client. This also leads to data being captured and modified between the client and the server.
2.    Credentials theft
The attacker can exploit the vulnerability to obtain credentials for the remote SMB server. This helps the attacker access the remote SMB server using the stolen credentials.
3.    SMB relay attacks
The SMB signing vulnerability makes it possible to perform an SMB relay attack in the victim's network environment.

Mitigation

1. Enforce SMB signing:

If the machine is domain joined:

Use a GPO to change the following values.
  • Navigate to
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

  • Click on
    ‘Microsoft network server: Digitally sign communications (always)’.
    By default, this setting is usually disabled. Double-click on it and change it to enabled.

If the machine is in a workgroup:

Use the local security policy to change the following values.
  • Navigate to
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

  • Click on
    ‘Microsoft network server: Digitally sign communications (always)’.
    By default, this setting is usually disabled. Double-click on it and change it to enabled.
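
To confirm on the server that the setting above has taken effect, the following added PowerShell example (not part of the original article) reads the server's signing state. It relies on the RequireSecuritySignature registry value under the LanmanServer parameters key and on the SmbShare cmdlets (Windows 8 / Server 2012 and later); the function names are hypothetical.

```powershell
# Added example: audit (and optionally enforce) SMB server signing.
# Run in an elevated PowerShell session on the SMB server being checked.

# Registry location behind
# "Microsoft network server: Digitally sign communications (always)"
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbServerSigningState {
    # Raw policy value: 1 = signing required, 0 or missing = not required
    $reg = Get-ItemProperty -Path $ParamKey -Name 'RequireSecuritySignature' `
                            -ErrorAction SilentlyContinue
    $regValue = if ($null -ne $reg) { [int]$reg.RequireSecuritySignature } else { $null }

    # Configuration the SMB server service is actually using
    $cfg = Get-SmbServerConfiguration

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        RegistryValue  = $regValue
        RequireSigning = [bool]$cfg.RequireSecuritySignature
        # Compliant only when both the stored value and the live config agree
        Compliant      = ($regValue -eq 1) -and [bool]$cfg.RequireSecuritySignature
    }
}

function Enable-SmbServerSigning {
    # Local one-off fix; supports -WhatIf so the change can be previewed first
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB server signing')) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    }
}

$state = Get-SmbServerSigningState
$state | Format-List

if (-not $state.Compliant) {
    Write-Warning "SMB signing is NOT required on $($state.ComputerName)."
    # Enable-SmbServerSigning -WhatIf   # preview, then rerun without -WhatIf
}
```

On a domain-joined machine the GPO remains authoritative, so a local change made with Enable-SmbServerSigning is overwritten at the next policy refresh if the GPO says otherwise.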

To avoid this kind of vulnerability, security professionals recommend that organisations perform periodic vulnerability assessment and penetration testing.

Created by:
Offensive security team
Shakta Technologies Pvt Ltd