New We plan on releasing bi-monthly edits and updates to the OS-CFDB project! Please check out the search function!

Insecure File Shares

3

VSR

4.0-5.9

CVSS

Medium

Risk

OS-CFDB-1005

ID

Finding Metadata

Finding Service(s)

Service
Internal Penetration Testing
External Penetration Testing

NIST 800-53 Control(s)

NIST
SI-2
AC-1
AC-3
AC-6

Finding Development

Author Name Twitter Handle Email Created Updated

Technical Information

Description

The technical overview of a finding, not meant to be all-inclusive.

Windows File Shares using NTFS (New Technology File System) allows for granular control over RWX (Read, Write, Execute) down to specific files. Sensitive data related to business functions and personnel often are stored in centralized locations for ease of access. When non-elevated / privileged domain users can access sensitive data, it allows for an attacker to easily exfil or facilitate future attack paths.

Impact

How a finding result will affect an organization.

This insecure storage misconfiguration leaves data open to theft by an attacker and could cause substantial damage to the organization and its employees. Insecure file shares can also lead to loss of data integrity and malicious code to target HVI (High-Value Individuals)

Recommendation

Current plan of action recomended.

The assessment team recommends following the model of least privileged. Implement a secure configuration by using NTFS Share Permissions and restricting Domain Users and Groups to sensitive data.