I believe this is a medium because you can enumerate without any real authentication.
It also does reveal some information about the host, like that it appears to be a citrix server serving wyse thin clients On Wed, Oct 29, 2008 at 11:30 AM, Bob Schommer <[EMAIL PROTECTED]>wrote: > Counts and Shows as a Medium Risk > > > > *SMB shares enumeration* > > > *Synopsis :* > > It is possible to enumerate remote network shares. > > *Description :* > > By connecting to the remote host using a NULL (or guest) session > Nessus was able to enumerate the network share names. > > *Risk factor :* > > None > > *Plugin output :* > > Here is the list of the SMB shares of this host : > > E$ > WYSE > CITRIXApplications > IPC$ > D$ > ADMIN$ > C$ > ITS$ > > > Nessus ID : > 10395<http://www.nessus.org/plugins/index.php?view=single&id=10395> > > > > > > *Robert A. "Bob" Schommer* > > Audit & Security Officer > > Bway Corporation > > Desk 770-645-4882 > > Cell 404-769-1966 > > [EMAIL PROTECTED] > > > > > > This e-mail message is for the sole use of the intended recipient(s). It > may contain confidential information, legally privileged information or > other information subject to legal restrictions. If you are not the intended > recipient, you may not read it, copy it, use it, or disclose it. Please > notify the sender by replying to this message, and then delete or destroy > all copies of this message in all media. Also, this email message is not an > offer or acceptance, and it is not intended to be all or part of an > agreement. > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Doug Nordwall Unix, Network, and Security Administrator You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
