Null session

from Wikipedia, the free encyclopedia

A null session is a session with a server that does not require user authentication. It gives the user anonymous access to the corresponding service on the server. It is created, for example, when a computer needs information about another computer but a conventional login with a username and password is not an option.

The computer or even a user connects to a remote service and uses it anonymously, i.e. without prior authentication. Such a session thus allows an unknown user to collect information about the computer system.

Windows Explorer, for example, is able in this way to enumerate the file shares of other computers. Since a username and password often cannot be used on a foreign system, this is done by setting up a null session with the SYSTEM account. This is a standard account with very extensive rights that is available on every Windows computer. Many local security-related services run under this account.

Establishing a null session under Windows means that a token is presented which contains the user ANONYMOUS LOGON and the group Everyone. On the service, the user receives the rights that are assigned to this group and this user. However, the settings on many Windows computers are too permissive. When setting up a share, "Everyone" is often carelessly allowed access. In most cases the correct group would be Authenticated Users, which contains only the users who have logged in with a username and password.
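The following added example (not part of the original article) audits share permissions for access control entries that a null-session token would match, and rewrites Everyone entries to Authenticated Users as the paragraph above recommends. It assumes the share security descriptors have already been exported as SDDL strings; the share names and descriptors are constructed sample data, and the function names are hypothetical.

```python
import re

# SDDL trustee aliases and SIDs that matter for null sessions.
PRINCIPALS = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AN": "ANONYMOUS LOGON", "S-1-5-7": "ANONYMOUS LOGON",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
}
IN_NULL_SESSION_TOKEN = {"Everyone", "ANONYMOUS LOGON"}
ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_dacl(sddl):
    """Return (ace_type, rights, trustee) for every ACE in the D: part."""
    m = re.search(r"D:[^()]*((?:\([^()]*\))*)", sddl)
    aces = []
    for body in ACE_RE.findall(m.group(1) if m else ""):
        f = body.split(";")
        if len(f) >= 6:
            aces.append((f[0], f[2], f[5]))
    return aces

def null_session_exposure(shares):
    """List (share, principal, rights) for allow ACEs a null session matches.
    Deny ACEs are not evaluated, so treat each hit as something to review."""
    hits = []
    for name, sddl in shares.items():
        for ace_type, rights, trustee in parse_dacl(sddl):
            who = PRINCIPALS.get(trustee)
            if ace_type == "A" and who in IN_NULL_SESSION_TOKEN:
                hits.append((name, who, rights))
    return hits

def restrict_to_authenticated(sddl):
    """Rewrite allow ACEs for Everyone to name Authenticated Users (AU)."""
    def swap(m):
        f = m.group(1).split(";")
        if len(f) >= 6 and f[0] == "A" and PRINCIPALS.get(f[5]) == "Everyone":
            f[5] = "AU"
        return "(" + ";".join(f) + ")"
    return ACE_RE.sub(swap, sddl)

# Constructed sample data, not taken from a real system.
SHARES = {
    "Public": "O:BAG:SYD:(A;;0x1301bf;;;WD)(A;;FA;;;BA)",
    "Finance": "O:BAG:SYD:(A;;0x1301bf;;;AU)(A;;FA;;;BA)",
    "Legacy": "D:(A;;0x1200a9;;;AN)",
}
if __name__ == "__main__":
    print(null_session_exposure(SHARES))
```

An entry that names ANONYMOUS LOGON directly is reported but left unchanged by `restrict_to_authenticated`, since it has to be removed rather than re-targeted.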

Null sessions are often points of attack for hackers who want to gain access to a computer. They make it possible, for example, to list the user accounts, so that the users' login names and further information, such as membership of certain groups (administrator) or current security settings, fall into the hands of the hacker. This information can be used to select potential targets for attack.

Attacks on Windows computers via null sessions are known for Windows NT and Windows 2000. With each generation of Windows, the possibilities are reduced and fewer API functions are available to unauthenticated users. However, attacks over null sessions are possible even with Windows Vista SP1.
