H3-2021-0035

NBT-NS Poisoning Possible

Category: SECURITY_MISCONFIGURATION
Base Score: 7.0

Description

NetBIOS Name Service (NBT-NS) is one of two components of Microsoft Windows machines that serve as alternate methods of host identification. An attacker can answer a victim's request with a spoofed reply that poses as the authoritative source, and capture the credential information passed over the network. Credential information can be captured in hashed or plaintext format.
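
One way to detect the spoofed reply described above, as an added example that is not part of the original advisory: it parses NBT-NS positive name query responses (RFC 1002 layout) and alerts when any host answers for a canary name that no real machine owns. The canary name, the sample packet and the 192.0.2.66 address are constructed assumptions.

```python
import socket
import struct

CANARY_NAMES = {"FILESRV-CANARY"}  # assumption: names no real host on this network owns

def encode_name(name, suffix=0x00):
    """RFC 1002 first-level encoding: 15 padded chars + suffix, one byte per nibble."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    body = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + body + b"\x00"

def decode_name(field):
    """Inverse of encode_name; returns (name, suffix) or raises ValueError."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0x00:
        raise ValueError("not a first-level encoded NetBIOS name")
    half = [b - 0x41 for b in field[1:33]]
    if any(not 0 <= h <= 15 for h in half):
        raise ValueError("byte outside the 'A'..'P' nibble alphabet")
    raw = bytes((half[i] << 4) | half[i + 1] for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_positive_response(payload):
    """Return (name, answered_ip) for a positive name query response, else None."""
    if len(payload) < 62:  # 12 header + 34 name + 10 RR fixed fields + 6 RDATA
        return None
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    # Require R bit set, opcode 0 (query), rcode 0 (no error), at least one answer.
    if not flags & 0x8000 or (flags >> 11) & 0xF or flags & 0xF or ancount < 1:
        return None
    try:
        name, _suffix = decode_name(payload[12:46])
    except ValueError:
        return None
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
    if rtype != 0x0020 or rclass != 0x0001 or rdlen < 6:  # NB record, class IN
        return None
    return name, socket.inet_ntoa(payload[58:62])  # skip 2-byte NB_FLAGS

def check_packet(src_ip, payload):
    """Alert text if src_ip answered for a canary name, else None."""
    parsed = parse_positive_response(payload)
    if parsed and parsed[0] in CANARY_NAMES:
        return f"NBT-NS poisoning suspected: {src_ip} answered {parsed[0]} -> {parsed[1]}"
    return None

# Constructed sample: UDP/137 payload of a positive response for the canary name.
SAMPLE = (struct.pack("!6H", 0x1337, 0x8500, 0, 1, 0, 0) + encode_name("FILESRV-CANARY", 0x20)
          + struct.pack("!HHIHH", 0x0020, 0x0001, 165, 6, 0) + socket.inet_aton("192.0.2.66"))
```

Feed `check_packet` the source address and UDP payload of each datagram seen on port 137 after a monitoring host has broadcast a query for the canary name; any alert means some machine is answering for a name that does not exist.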

Impact

A captured credential hash can be cracked offline to recover the plaintext password, and it can also be relayed for reuse on other systems. Likewise, a captured plaintext credential can be used immediately to access other systems.

References