SMB: Microsoft Windows SMB NTLM Authentication Low Entropy

This signature detects attempts to exploit a known vulnerability in Microsoft Windows SMB. The vulnerability is due to a lack of cryptographic entropy when generating the challenges used to authenticate clients. Remote attackers can exploit this by continuously attempting to authenticate against a server. A successful attack can result in arbitrary code execution.

Extended Description

Microsoft Windows is prone to an unauthorized access vulnerability that affects the Microsoft Server Message Block (SMB) protocol software. An unauthenticated attacker can exploit this issue to gain access to resources with the privileges of an authorized user, which may lead to other attacks.

Affected Products

Microsoft windows_xp_professional

References

BugTraq: 38085

CVE: CVE-2010-0231

Short Name
SMB:NTLM-LOW-ENTROPY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
Authentication CVE-2010-0231 Entropy Low Microsoft NTLM SMB Windows bid:38085
Release Date
10/04/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Microsoft

CVSS Score

10.0
