NetBIOS permutations attack vulnerability

Risk Level: High

Check or Attack Name: nbperm

Platforms: Windows for Workgroups: 3.11, Windows 95

Description:

A NetBIOS share requiring only a password for validation was detected. A brute force attempt to log in using password combinations of up to four characters was successful.

Note: This exploit results in up to 475,254 login attempts, and could run for several hours.

False Negatives: Applying the lm-fix patch will prevent you from accessing a Windows 95 share from a Windows NT machine.

Remedy:

Set the minimum password length to seven characters, and then change the password.

To set the minimum password length, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the account from the list.
  3. From the Policies menu, select Account to display the Account Policy dialog box.
  4. In the Minimum Password Length field, set the length to at least seven characters.
  5. Click OK.

—AND—

To change the password, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the account from the list.
  3. From the User menu, select Properties.
  4. In the Password field, change the password.
  5. In the Confirm Password field, confirm the new password.
  6. Click OK.
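
The attempt count in the Note and the seven-character minimum in the Remedy can be related with search-space arithmetic. The following is an added example, not part of the original advisory or of the nbperm check: it infers the alphabet size consistent with 475,254 attempts and compares that space with seven-character passwords. The guessing rate (`ASSUMED_RATE`) and all function names are assumptions made for illustration.

```python
# Added illustration: search-space arithmetic for the nbperm note and remedy.
# Assumptions (not from the advisory): the alphabet size is inferred from the
# published attempt count, and the guessing rate is a constructed value.

def candidates(alphabet_size, max_len, min_len=1):
    """Number of passwords with min_len..max_len characters."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def infer_alphabet_size(total, max_len, limit=256):
    """Alphabet size whose 1..max_len search space equals total, else None."""
    for size in range(1, limit + 1):
        count = candidates(size, max_len)
        if count == total:
            return size
        if count > total:
            break
    return None

def hours_to_exhaust(count, guesses_per_second):
    """Worst-case hours to try every candidate at a fixed rate."""
    return count / guesses_per_second / 3600.0

def min_length_for(alphabet_size, guesses_per_second, target_hours, cap=64):
    """Shortest exact length whose search space outlasts target_hours."""
    for length in range(1, cap + 1):
        space = alphabet_size ** length
        if hours_to_exhaust(space, guesses_per_second) >= target_hours:
            return length
    return None

ADVISORY_ATTEMPTS = 475_254   # figure quoted in the advisory's note
ASSUMED_RATE = 40.0           # guesses per second, constructed for illustration

if __name__ == "__main__":
    size = infer_alphabet_size(ADVISORY_ATTEMPTS, 4)
    print("alphabet size consistent with the note:", size)
    for label, count in (
        ("1 to 4 characters", candidates(size, 4)),
        ("exactly 7 characters", candidates(size, 7, 7)),
    ):
        hours = hours_to_exhaust(count, ASSUMED_RATE)
        print(f"{label}: {count:,} candidates, {hours:,.1f} hours")
    print("length needed to outlast one year:",
          min_length_for(size, ASSUMED_RATE, 24 * 365))
```

The inferred alphabet size only shows which character set matches the published figure; a share password drawn from a larger set enlarges the space further.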