Hello,
I have Samba 3.0.28 installed on an AIX 5.3 server. Nessus shows that Samba is the remote native lan manager. Nessus reports that "Using the supplied credentials it was possible to extract the password policy for the remote Windows host." I didn't enter credentials, so Nessus obtained the password policy without network or server credentials.

Can someone explain what password policy Nessus is reporting below? I removed the actual settings that were reported, but you can see the attributes below. The settings don't match the AD password policy settings, or, obviously, the AIX password policy. Did Nessus report a default Windows password policy?

Thanks for any information you can provide.

Cathie

Port microsoft-ds (445/tcp)

SMB NativeLanMan

Synopsis :
It is possible to obtain information about the remote operating system.

Description :
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.

Risk factor :
None

Plugin output :
The remote Operating System is : Unix
The remote native lan manager is : Samba 3.0.28
The remote SMB Domain Name is :

Obtains the password policy

Synopsis :
It is possible to retrieve the remote host's password policy using the supplied credentials.

Description :
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must be conform to the Informational System Policy.

Risk factor :
None

Plugin output :
The following password policy is defined on the remote host:

Minimum password len: 5
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0

Nessus ID : 17651 <http://www.nessus.org/plugins/index.php?view=single&id=17651>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
