
NetBIOS Brute Force of Accounts - QID 5005

Question asked by RG on Apr 5, 2012
Latest reply on Apr 12, 2012 by Caleb Corey

Qualys flags some of our Windows servers with this vulnerability.  According to the documentation:

 

QID 5005. NetBIOS Brute Force of Accounts. This QID is returned when brute forcing of a Windows host was successful. See the Result section of the vulnerability for a list of login/password combinations that were successful.

 

Results:

User name:Administrator

Password: (empty)

 

I don't believe Microsoft allows blank passwords via remote connection. I also tried:  net use \\<ip address>\c$ and various other methods with no luck.

And so my question is: how does Qualys exploit this vulnerability on a Windows box, and how can I recreate it? Thanks.

 

 

