SMB: Microsoft Windows Smb Insufficent Entropy CVE-2010-0231 Authentication Bypass
This signature detects attempts to exploit a known vulnerability in Microsoft Windows SMB. It is due to a lack of cryptographic entropy when generating challenges to authenticate clients. Remote attackers can exploit this by continuously attempting to authenticate against a server. A successful attack can result in arbitrary code execution.
Extended Description
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
Affected Products
Microsoft windows_7
References
CVE: CVE-2010-0231
Short Name
SMB:ENTROPY-NEGO-AUTH-BYP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
Authentication Bypass CVE-2010-0231 Entropy Insufficent Microsoft Smb Windows
Release Date
12/03/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3659
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0