
SMB Signing Disabled
Vulnerability Severity Rating (VSR): 4
OS-CFDB Identity (ID): OS-CFDB-1008
Server Message Block (SMB) is the file protocol most commonly used by Windows. This protocol allows communication for network file sharing or accessing remote resources of a server. SMB signing specifically is supported on all versions of SMB (1, 2, 3) but only enabled on Domain Controllers by...

Insecure Active Directory User ACLs @Killswitch-GUI 09/27/2017
Vulnerability Severity Rating (VSR): 5
OS-CFDB Identity (ID): OS-CFDB-1000
Service Principal Names (SPNs) are a Microsoft way of designating and identifying where services are running in a domain. These SPNs are attached to accounts within Active Directory. Any Domain User has the ability to look up these attributes and view the DACL (Discretionary Access Control List)....

Insecure SYSVOL Scripts
Vulnerability Severity Rating (VSR): 3
OS-CFDB Identity (ID): OS-CFDB-1006
The SYSVOL folder on DCs (Domain Controllers) is a domain-wide network share in Active Directory (AD) to which all authenticated users in the domain have read access by default. The directory contains login scripts, group policy data, and other data that may need to be available to all...

Insecure Credential Storage
Vulnerability Severity Rating (VSR): 4
OS-CFDB Identity (ID): OS-CFDB-1004
The assessment team discovered storage of high-value accounts in a clear text format. Storing credentials of this nature in clear text is a severe security risk, allowing an attacker to gain access to credentials with ease. While allowing an attacker to use these credentials to compromise...

Standard User with Local Admin
Vulnerability Severity Rating (VSR): 3
OS-CFDB Identity (ID): OS-CFDB-1009
Following the least-privilege model, standard users should have only enough rights to perform their task or duty. The assessment team discovered that the following users hold the group permissions of Administrator, resulting in the ability for the assessment team to execute a User Access Control...

Insecure File Shares
Vulnerability Severity Rating (VSR): 3
OS-CFDB Identity (ID): OS-CFDB-1005
Windows File Shares using NTFS (New Technology File System) allow for granular control over RWX (Read, Write, Execute) permissions down to specific files. Sensitive data related to business functions and personnel is often stored in centralized locations for ease of access. When non-elevated / privileged...

Default Administrator Enabled (RID 500) @Killswitch-GUI 09/27/2017
Vulnerability Severity Rating (VSR): 3
OS-CFDB Identity (ID): OS-CFDB-1001
The default administrator account is often used during initial setup of a host and joining an AD (Active Directory) Domain environment. This type of account is often referred to as BUILTIN\Administrator, also known as NT AUTHORITY\Administrator with the relative identifier (RID) 500. This...

Inadequate Network Segmentation
Vulnerability Severity Rating (VSR): 4
OS-CFDB Identity (ID): OS-CFDB-1003
The assessment team discovered that portions of the network have inadequate security boundaries. Improper network segmentation can allow unauthorized traffic to reach unintended destinations. This type of network architecture may be suitable for normal operations but lacks the security needed...

Firewall Misconfiguration @Killswitch-GUI 09/27/2017
Vulnerability Severity Rating (VSR): 4
OS-CFDB Identity (ID): OS-CFDB-1002
Firewall misconfigurations are most likely to occur during security change processes – that is, when new rules are added, or existing ones are changed or removed on a firewall. When a firewall rule that is added is over-permissive, it may allow an attacker to target specific machines to gain access...

MsCacheV2 Misconfiguration
Vulnerability Severity Rating (VSR): 4
OS-CFDB Identity (ID): OS-CFDB-1007
MsCacheV2 is a Microsoft implementation of local password storage for domain users. These credentials are implemented using the registry and the local SAM hive. By default, Windows caches up to 10 credentials locally and removes the oldest credential as new ones populate to the host. Caching takes...