Re: SAMR named pipe
- From: "Lognoul, Marc [Private]" <lognoulm@xxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 21:48:46 +0100
Doing so would allow an unauthenticated user or system to "harvest" users, groups and other security-related information.
This would ease password guessing.
I found it pretty strange that an application managing passwords needs anonymous access. Is this application rather old?
--
KR/Amicalement/MVG,
Marc
<adrianwheway@xxxxxxxxxxx> wrote in message news:3d446b80-4bf8-4e99-a815-d2af890f7b3d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi there,
On my Windows 2003 servers I prevent anonymous SID and name
translation, I do not allow anonymous enumeration of SAM accounts or
shares and I do not allow the Everyone permission to apply to
anonymous users. I also do not allow any named pipes to be accessed
anonymously.
I have an application that manages passwords and in order to change
the passwords of accounts on remote servers across the network, the
target servers must allow anonymous access to the named pipe SAMR.
Are there any serious security implications if I allow anonymous
access to the SAMR named pipe, but keep the other restrictions in
place?
Thanks,
Adrian.
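
Most of the restrictions listed in the question are stored as registry values, so a server can be checked for drift after SAMR is added to the anonymous pipe list. The PowerShell script below is an added example, not part of the original thread or of the application discussed. It assumes it is run locally with rights to read HKLM; the OK/REVIEW labels and the Get-RegValue helper are this example's own, and anonymous SID/name translation is not checked because it is not a plain registry value.

```powershell
# Added example: read-only audit of the anonymous-access settings named in the thread.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Hypothetical helper: returns $null when the value is absent instead of throwing.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Restrictive values for the DWORD settings the question says are in place.
$expected = @(
    # Do not allow anonymous enumeration of SAM accounts
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';      Want = 1 },
    # Do not allow anonymous enumeration of SAM accounts and shares
    @{ Path = $lsa;    Name = 'RestrictAnonymous';         Want = 1 },
    # Everyone permissions do not apply to anonymous users
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous'; Want = 0 },
    # Null sessions may reach only the pipes and shares explicitly listed
    @{ Path = $server; Name = 'RestrictNullSessAccess';    Want = 1 }
)

foreach ($e in $expected) {
    $actual = Get-RegValue $e.Path $e.Name
    # A missing value compares unequal and is reported for review.
    $status = if ($actual -eq $e.Want) { 'OK' } else { 'REVIEW' }
    '{0,-7} {1,-26} actual={2} expected={3}' -f $status, $e.Name, $actual, $e.Want
}

# NullSessionPipes is REG_MULTI_SZ: each entry is a pipe anonymous clients may open.
$pipes = @(@(Get-RegValue $server 'NullSessionPipes') | Where-Object { $_ })

if ($pipes.Count -eq 0) {
    'OK      NullSessionPipes is empty: no named pipe is listed for anonymous access'
} else {
    foreach ($p in $pipes) {
        $note = if ($p -ieq 'SAMR') {
            'SAMR is listed for anonymous access (the case discussed in this thread)'
        } else {
            'confirm that anonymous access to this pipe is required'
        }
        'REVIEW  NullSessionPipes entry {0}: {1}' -f $p, $note
    }
}
```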