漏洞描述
Checks if anonymous users can enumerate Security Identifiers (SIDs), which can expose user information.
windows-anonymous-sid-enumeration-allowed: Windows Allows Anonymous SID Enumeration
PoC代码[已公开]
id: windows-anonymous-sid-enumeration-allowed
info:
name: Windows Allows Anonymous SID Enumeration
author: princechaddha
severity: medium
description: Checks if anonymous users can enumerate Security Identifiers (SIDs), which can expose user information.
impact: |
Allowing anonymous SID enumeration can provide attackers with information to target specific users.
remediation: |
Disable anonymous SID enumeration to protect sensitive user information.
tags: windows,anonymous,sid,security,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'AnonymousSidNameTranslation' -ErrorAction SilentlyContinue).AnonymousSidNameTranslation -eq 1) { Write-Output 'Anonymous SID Enumeration Allowed'; }
matchers:
- type: word
words:
- "Anonymous SID Enumeration Allowed"
# digest: 4a0a004730450220381d7514da49979121faf59dc0a82e1638922d2223ccf9db2475b3bc836e6ef3022100d328f72d23ecf88abf4c52393f7c91acd950ad1809a179244c5ad5c9a669d161:922c64590222798bb761d5b6d8e72950