Hello,
i’m working with the OpenVAS-V6 Appliance and have some trouble with
NTLMv2 and DCE/RPC
Authority.
I use the Greenbone-Scripts (Script-Familie: IT-Compliance) to scan a
Windows Server 2003 from
“inside” for vulnerabilities. If the relevant GPO-setting is set to
“Send NTLMv2 response only\refuse
LM & NTLM” (that means: Clients use NTLMv2 authentication only and use
NTLMv2 session security
if the server supports it; domain controllers refuse LM and NTLM (accept
only NTLMv2
authentication) the scans do not run!
If the GPO-setting is set to „Send LM & NTLM - use NTLMv2 session
security if negotiated” (that
means: Clients use LM and NTLM authentication and use NTLMv2 session
security if the server
supports it; domain controllers accept LM, NTLM, and NTLMv2
authentication.) the scans run with
the expected results.
After analysing with wireshark, it seams to be a problem of
DCE/RPC-authority in combination with
NTLMv2. Because I receive the DCE/RPC-response-Error-Message:
„nca_s_fault_access_denied“. And
that only, if “Send NTLMv2 response only\refuse LM & NTLM” is set!
Hint: The Windows Server 2003 and the OpenVAS Server are both part of a
corporate network and
use the same NTP-Server for time synchronization. And I tried out all
combinations of the following
login configurations in OpenVAS:
-NTLMSSP
-Never send SMB credentials in clear text
-Only use NTLMv2
My question is now:
Are there some other relevant options, settings, or login configurations
in OpenVAS which i have to
consider?
Hope someone has an idea!
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
