2 Replies Latest reply: May 19, 2017 9:18 AM by zaneta22 RSS

Plugin 96982

zaneta22 Expert

96982 - This was recently set as an informational. Do you know whether or not this will be placed back as a critical and when?

  • Re: Plugin 96982
    rseguin Apprentice

    Hi Zaneta,

     

    This plugin is going to stay informational, as simply having SMBv1 enabled does not represent a vulnerability. The plugin was originally released as a response to the ShadowBrokers leaks which hinted that there was a vulnerability in SMBv1, however no proof at the time was presented.

     

    When we got that info, we added this plugin which piggybacks off of our SMB version detection plugins, and listed this as a critical vulnerability at that time.

     

    The plugin was then revised to be an informational result that simply notes that SMBv1 is enabled.  While Microsoft recommends disabling SMBv1, it's not officially unsupported by Microsoft (https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/).

  • Re: Plugin 96982
    zaneta22 Expert

    Thank You.