Server PEN test issue (Network Product)
At 23 MAR 2023 07:37:30PM Matthew Crozier wrote:
One of our clients regularly PEN test their servers and one issue was detected:
See link below:
Microsoft Windows Unquoted Service Path Enumeration | TenableĀ®
It doesn't like spaces in the filepath for the LH service executable, claiming that "A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service".
It can be addressed just by enclosing the ImagePath in quotes at
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LinearHash
I've tried it and there doesn't appear to be any operational problem doing this. Could there be anything else looking at the ImagePath key though?
Cheers, M@
At 24 MAR 2023 08:49AM bshumsky wrote:
Hi, Matt. Certainly nothing inside the product looks at the ImagePath during normal operation. If the service still runs (which means you've quoted it correctly), I think that's sufficient proof that it's working.
If you wanted some extra verification, you could open a DOS cmd prompt, CD to the folder where your UD is installed (c:\revsoft\universal driver), and issue some commands to stop and restart the service:
lh47nul stop
lh47nul start
If those work, then I think everything is fine.
- Bryan Shumsky
At 24 MAR 2023 02:26PM Matthew Crozier wrote:
Hi, Certainly nothing inside the product looks at the ImagePath during normal operation. If the service still runs (which means you've quoted it correctly), I think that's sufficient proof that it's working.
Great, thanks for confirming Bryan.
Cheers, M@