05-16-2019 06:38 AM
Hi,
In our society we are using Alfresco, and some of the port that alfresco use is port 445 (smb service), the vulnerability here is : CVE-1999-0519 (cifs-null-session-permitted) , to remediate and fix the vulnerability we have to Restrict anonymous access, but to do that we have to add two lines in smb.conf :
guest account = nobody
restrict anonymous = 1
In alfresco where to find SMB configuration file to fix this vulnerability, The OS used is Debian.
Best Regards
05-21-2019 05:27 AM
Hi,
Can someone knows how to fix this please.
Best regards
05-26-2019 03:27 PM
Hi:
Alfresco CIFS is not a SMB-like implementation, I mean you do not have smb.conf
By the way, I think Alfresco CIFS is going to be discontinued in a near future (Alfresco 6.x)
Anyway maybe you feel safer with the following properties in alfresco-global.properties
alfresco.authentication.allowGuestLogin=false
passthru.authentication.guestAccess=false
Regards.
--C.
Explore our Alfresco products with the links below. Use labels to filter content by product module.