SMB Signing not required Vulnerability

Solution Verified - Updated -

Issue

How do I resolve the "SMB Signing not required" vulnerability reported by a third-party security scanner?

  • The Samba file sharing server is installed and enabled.

  • A third-party security scanner reports the "SMB Signing not required" vulnerability.

  • nmap reports "Message signing disabled" or "Message signing enabled but not required":

    # nmap --script smb-security-mode.nse -p445 127.0.0.1
    
    PORT    STATE SERVICE
    445/tcp open  microsoft-ds
    
    Host script results:
    | smb-security-mode: 
    |   Account that was used for smb scripts: guest
    |   User-level authentication
    |   SMB Security: Challenge/response passwords supported
    |_  Message signing disabled (dangerous, but default)
    
    # nmap --script smb2-security-mode.nse -p445 127.0.0.1
    
    PORT    STATE SERVICE
    445/tcp open  microsoft-ds
    
    Host script results:
    | smb2-security-mode: 
    |   3.11: 
    |_    Message signing enabled but not required
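
The following added example (not part of the original article) parses nmap normal-format output from the two scripts shown above and lists the hosts where SMB signing is not enforced. The `Nmap scan report` header lines, the second host and its `enabled and required` line are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: the two results quoted above, plus the "Nmap scan report"
# headers of full nmap output and a constructed host that requires signing.
SAMPLE = """\
Nmap scan report for localhost (127.0.0.1)
Host script results:
| smb-security-mode:
|_  Message signing disabled (dangerous, but default)
| smb2-security-mode:
|   3.11:
|_    Message signing enabled but not required

Nmap scan report for fileserver.example (192.0.2.10)
Host script results:
| smb2-security-mode:
|   3.11:
|_    Message signing enabled and required
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*(smb2?-security-mode):\s*$")
SIGNING_RE = re.compile(r"^\|[_ ]?\s*(Message signing .+?)\s*$")

def classify(text):
    """Map a 'Message signing ...' line to disabled / not_required / required."""
    low = text.lower()
    if "disabled" in low:
        return "disabled"
    # Assumption: wording without a bare "required" (e.g. "supported") is not enforcement.
    enforced = "required" in low and "not required" not in low
    return "required" if enforced else "not_required"

def parse(output):
    """Return {host: {script: state}}; host is 'unknown' if no report header was seen."""
    results, host, script = {}, "unknown", None
    for line in output.splitlines():
        if m := HOST_RE.match(line):
            host, script = m.group(1), None
        elif m := SCRIPT_RE.match(line):
            script = m.group(1)
        elif script and (m := SIGNING_RE.match(line)):
            results.setdefault(host, {})[script] = classify(m.group(1))
    return results

def findings(output):
    """Sorted (host, script, state) tuples where signing is not enforced."""
    return sorted((h, s, st) for h, scripts in parse(output).items()
                  for s, st in scripts.items() if st != "required")
```

A host is listed once per dialect script, so a server that still answers SMB1 without signing shows up even if its SMB2/3 result is clean.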
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • samba
