Re: Access a remote registry

From: H Carvey (keydet89at_private)
Date: Fri May 18 2001 - 09:39:26 PDT

Next message: Adrien de Beaupre: "SIP Session Initiation Protocol"

Previous message: dilbert96at_private: "IIS again."
Maybe in reply to: BrainSCAN: "Access a remote registry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I'm checking the security of a Windows NT 
server. I have first used Retina
> to get a general overview of the server, and 
it has discovered that the
> Guest user has access to the registry.

This post brings up another issue...validation.  
Retina reports that the Guest account is 
allowed access to the Registry remotely...but 
how is this validated.

ISS's Internet Scanner used (v5.8,v6.0) used to 
report that the AutoAdminLogon functionality 
existed if the value was set to '0', which 
according to Microsoft is incorrect.  
Rebooting the system proved this.

The point is...if a commercial tool reports a 
vulnerability, and it's not able to be 
replicated, then whom do you believe?

Next message: Adrien de Beaupre: "SIP Session Initiation Protocol"
Previous message: dilbert96at_private: "IIS again."
Maybe in reply to: BrainSCAN: "Access a remote registry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 18 2001 - 13:15:29 PDT