This exploit tests for account lockout after too many failed login attempts. The default is five failed login attempts.
Note: Before performing NetBIOS default user checks, Internet Scanner detects permanent account lockouts. Internet Scanner indicates a vulnerability if permanent lockouts are enabled and users were enumerated. The combination of permanent lockouts and null session users lets an attacker lock out your entire user base. When this situation occurs, Internet Scanner does not attempt password guessing by login. This action protects your users from accidental lockouts.