Your IP: Unknown · ISP: Unknown · Your Status: Unknown

Skip to main content

PricingToggle submenu for Pricing
Why NordVPN?Toggle submenu for Why NordVPN?
Why NordVPN?
Features
What is a VPN?
Servers in 111 Countries
Fastest VPN
Money-Back Guarantee
No User Tracking
MeshnetNew
Threat ProtectionNew
Dedicated IP
Dark Web Monitor
Multiple Devices
All Features
Download VPNToggle submenu for Download VPN
Desktop
Mobile
Extensions
Windows
macOS
Linux
Android
iOS
Chrome
Firefox
Edge
All Apps
Resources
Toggle submenu for Resources
Get Help
Learn
Support Center
Contact Us
Blog
Cybersecurity Hub
Research Lab
About NordVPN
For BusinessToggle submenu for For Business
Secure your business against advanced cyber threats.
Go to Business VPN
Pricing
Increase the security and privacy of your business today.
See Pricing

Null session

Null session

(also null session attack)

Null session definition

A null session is an anonymous connection (with no username or password) to unprotected shares of a Windows system. Null sessions let attackers get host configuration details, such as share names and Windows user IDs. This, in turn, allows editing some parts of the system’s remote registry.

Information revealed by null sessions

Usernames
Active users
Active processes
Security policy
System configuration

Stopping a null session attack

Upgrade to the latest version of Windows
Download the latest Windows security updates
Disable null sessions in Windows control settings
Disable file and printer sharing for Microsoft networks (if it is unnecessary)
Block NetBIOS on your Windows server

Further reading

What is a cyberattack? Understanding different types

What is session hijacking?

Ultimate digital security