H3-2021-0030
SMB Signing Not Required
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 1.0 |
Description
The SMB service on this host does not require SMB signing. SMB signing protects the integrity and authenticity of SMB traffic: each message carries a signature computed with the session key derived during authentication, so a party that did not authenticate cannot forge or alter messages. When the server merely supports signing instead of requiring it, it accepts unsigned sessions, and an attacker positioned between a client and the server can intercept, alter and relay SMB messages without detection. In practice the misconfiguration is exploited by relaying captured NTLM authentication to this host (typically after LLMNR/NBT-NS poisoning or forced authentication): the relaying attacker never learns the session key and so cannot sign, which is why a server that requires signing defeats the relay while a server that does not accepts the relayed session. Windows domain controllers require signing by default; other Windows hosts default to signing enabled but not required, which is the state this finding reports.
Impact
An attacker who relays a user's authentication to this host gains SMB access as that user, and can read or modify data in transit on the intercepted session. If the relayed account holds local administrator rights on the host, this typically yields remote command execution and access to local credential stores, giving the attacker domain account privileges and a foothold for further movement in the network.
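The check a tester or scanner performs for this finding, as an added example that is not part of the original finding or of any vendor tool: it sends one SMB2 NEGOTIATE request to TCP/445 and reads the SecurityMode flags in the response, where the server advertises whether signing is enabled (0x0001) and required (0x0002). The constructed response used for the offline run, its server GUID, and the `check_host` and `verdict` helper names are assumptions for the demonstration; the field layouts follow MS-SMB2.

```python
"""Check whether an SMB2 server requires message signing.

Added example for this finding, not code from the original page. Field
layouts follow MS-SMB2 sections 2.2.1.2 (header), 2.2.3 (NEGOTIATE
request) and 2.2.4 (NEGOTIATE response).
"""
import socket
import struct
import sys
import uuid

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SIGNING_ENABLED = 0x0001    # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002   # SMB2_NEGOTIATE_SIGNING_REQUIRED
# Offer SMB 2.0.2 and 2.1 only; offering 3.1.1 would require negotiate contexts.
DIALECTS = (0x0202, 0x0210)


def smb2_header(command: int, flags: int = 0) -> bytes:
    """64-byte SMB2 packet header for an unsigned message (MessageId 0)."""
    return struct.pack(
        "<4sHHIHHIIQIIQ16s",
        SMB2_MAGIC, 64, 0, 0, command, 1, flags, 0, 0, 0, 0, 0, b"\x00" * 16,
    )


def build_negotiate_request() -> bytes:
    """NetBIOS session framing + SMB2 header + NEGOTIATE request body."""
    body = struct.pack(
        "<HHHHI16sQ",
        36,                  # StructureSize, fixed at 36
        len(DIALECTS),       # DialectCount
        SIGNING_ENABLED,     # SecurityMode: client can sign, does not insist
        0,                   # Reserved
        0,                   # Capabilities
        uuid.uuid4().bytes,  # ClientGuid
        0,                   # ClientStartTime
    ) + struct.pack("<%dH" % len(DIALECTS), *DIALECTS)
    msg = smb2_header(SMB2_NEGOTIATE) + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def parse_negotiate_response(msg: bytes) -> dict:
    """Extract dialect and signing flags from an SMB2 message (framing stripped)."""
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", msg, 8)
    if command != SMB2_NEGOTIATE:
        raise ValueError("unexpected command 0x%04x" % command)
    if status != 0:
        raise ValueError("NEGOTIATE failed with NTSTATUS 0x%08x" % status)
    struct_size, security_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if struct_size != 65:
        raise ValueError("bad NEGOTIATE response StructureSize %d" % struct_size)
    return {
        "dialect": dialect,
        "signing_enabled": bool(security_mode & SIGNING_ENABLED),
        "signing_required": bool(security_mode & SIGNING_REQUIRED),
    }


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def check_host(host: str, port: int = 445, timeout: float = 5.0) -> dict:
    """Negotiate with a live server and report its signing policy."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_negotiate_request())
        length = int.from_bytes(recv_exact(sock, 4)[1:], "big")
        return parse_negotiate_response(recv_exact(sock, length))


def constructed_negotiate_response(security_mode: int, dialect: int = 0x0210) -> bytes:
    """Constructed (not captured) NEGOTIATE response for offline demonstration."""
    body = struct.pack(
        "<HHHH16sIIIIQQHHI",
        65, security_mode, dialect, 0,    # StructureSize, SecurityMode, Dialect, Reserved
        b"\x11" * 16,                     # ServerGuid (made up)
        0, 0x800000, 0x800000, 0x800000,  # Capabilities, MaxTransact/Read/WriteSize
        0, 0,                             # SystemTime, ServerStartTime
        128, 0, 0,                        # SecurityBufferOffset/Length, NegotiateContextOffset
    ) + b"\x00"                           # one Buffer byte, counted in StructureSize 65
    return smb2_header(SMB2_NEGOTIATE, SMB2_FLAGS_SERVER_TO_REDIR) + body


def verdict(info: dict) -> str:
    if info["signing_required"]:
        return "SMB signing required (finding does not apply)"
    return "SMB signing NOT required (finding applies: NTLM relay possible)"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        info = check_host(sys.argv[1])
    else:
        # No target given: parse a constructed response mimicking a default
        # Windows member server (signing enabled but not required).
        info = parse_negotiate_response(constructed_negotiate_response(SIGNING_ENABLED))
    print("dialect 0x%04x, %s" % (info["dialect"], verdict(info)))
```

Run it with a host argument only against systems you are authorised to test; without an argument it parses the constructed response. The check covers SMB2 only, which is what current Windows and Samba negotiate by default. Remediation is the policy named in the references: on Windows, set "Microsoft network server: Digitally sign communications (always)" to Enabled (this writes RequireSecuritySignature=1 under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters; `Set-SmbServerConfiguration -RequireSecuritySignature $true` does the same), and on Samba set `server signing = mandatory` in the [global] section of smb.conf. Re-run the check afterwards and expect signing_required to be true.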
References
- Microsoft network server: Digitally sign communications (always)
- Microsoft network client: Digitally sign communications (always)
- Overview of Server Message Block Signing
- Samba Configuration
- The Basics of SMB Signing (Covering Both SMB1 and SMB2)
- MITRE ATT&CK Technique: T1557.001: Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay
- MITRE ATT&CK Technique: T1187: Forced Authentication