Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Null session

Null session

(also null session attack)

Null session definition

An anonymous connection (with no username or password) to unprotected shares of a Windows system. Null sessions let attackers get host configuration details, such as share names and Windows user IDs. This, in turn, allows editing some parts of the system’s remote registry.

Information revealed by null sessions

  • Usernames
  • Active users
  • Active processes
  • Security policy
  • System configuration

Stopping a null session attack

  • Upgrade to the latest version of Windows
  • Download the latest Windows security updates
  • Disable null sessions in Windows control settings
  • Disable file and printer sharing for Microsoft networks (if it is unnecessary)
  • Block NetBIOS on your Windows server

Further reading

Ultimate digital security

We value your privacy

This website uses cookies to provide you with a safer and more personalized experience. By accepting, you agree to the use of cookies for ads and analytics, in line with our Cookie Policy.