SecPlusTrainer / Glossary / What is a null session attack?
D2 · Threats

What is a null session attack?

A null session establishes an unauthenticated SMB connection to enumerate Windows users, groups, shares, and policies — a legacy Windows vulnerability.
Null sessions were common in Windows NT/2000. Modern Windows disables anonymous SMB by default. SMB signing prevents MITM on SMB connections. Enum4linux can still exploit misconfigurations. Disable SMB v1 entirely.

Related Terms

What is adversarial AI in cybersecurity? What is an aggregation attack? What is anti-forensics? What is an attack surface?
← Back to Glossary Practice Questions →