CIFS vulnerability False positive?

Hi guys, do you guys get this in scans even though it's disabled?

CIFS Account lock out policy allows Brute forcing
CIFS Account Password Never expires

Thanks

Nick

CIFS Account Password Never expires is reporting on local computer accounts that have their password set to expire.

For us, it is reporting on a Windows LAPS managed account. Rapid7 support said they have an enhancement open to handle Windows LAPS managed accounts.

“As per our internal team, this case has been investigated and shows that we currently have an existing enhancement request regarding false detection on “cifs-acct-password-never-expires” vulnerability managed by LAPS. We can associate this case with the existing enhancement (IDEA) ticket to add traction to the request.”

I am wondering if there has been any more traction on this issue. I also have the same issue in my environment and haven’t heard anything new for a while.

Crazy that there are no new updates here.

Is there still no news on this topic?

Hey all, so for what it’s worth, I was having this same issue (LAPS machine reporting password never expires). I ran an investigation on the vulnerability on the affected device, and the investigation automatically declared it a false positive and removed it. Maybe R7 has finally fixed this, but only through running an investigation.
