Anonymous Intelligence Signal

Metasploit Adds Module Exploiting CVE-2000-0979: Windows 9x/Me SMB Flaw Enables Byte-by-Byte Password Enumeration

The Lab (unverified) | 2026-04-25 04:54:09 | Source: GitHub Issues

A new auxiliary module has been merged into the Metasploit Framework for CVE-2000-0979, a long-standing information disclosure vulnerability in the share-level password authentication of Microsoft Windows 9x and Windows Me SMB servers. The auxiliary scanner exploits a flaw in how those legacy systems validate a share password: the server checks only as many bytes of the stored password as the client supplies, rather than comparing the full string. An attacker can therefore confirm the password one byte at a time, which cuts the work from exponential in the password length to linear, at most a few hundred guesses per character.

The vulnerability, originally documented in 2000 (Microsoft Security Bulletin MS00-072, the "Share Level Password" vulnerability), lies in the share-level SMB authentication implementation of Windows 9x/Me. When a client attempts to access a password-protected share, the server compares only as many bytes of the stored password as the client sent. A one-byte guess is therefore accepted whenever it matches the first byte of the real password, and the attacker can fix that byte and move on to the next. Because each byte is recovered independently, the cost is bounded by 256 tries per position instead of 256 to the power of the password length, so even the longest permitted share password falls in a few thousand requests. The module automates this loop, extending the confirmed prefix one byte at a time until no further byte is accepted, and also flags unprotected shares that have no password set. Original proof-of-concept research was conducted by Azbil SecurityFriday Co Ltd, developers of the Share Password Checker tool.
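How a length-controlled comparison turns one password into a series of independent one-byte guesses, shown as an added Ruby example that is not the Metasploit module's code: the vulnerable check is simulated by an in-memory share (constructed sample data, no SMB traffic), and the class names, the `max_len` bound of 8 and the full-length "fixed" variant used for contrast are this example's own assumptions.

```ruby
# Added example: simulates the Windows 9x/Me share-level password check that
# CVE-2000-0979 describes and the byte-at-a-time enumeration it permits.
# This is not the Metasploit module's code and talks to no SMB host; the
# share is an in-memory stand-in (constructed sample data).

class VulnerableShare
  attr_reader :attempts

  def initialize(password)
    @password = password.b   # raw bytes, as stored by the legacy server
    @attempts = 0            # counts authentication requests (the attack cost)
  end

  # The flaw: the comparison length is taken from the client's guess, so a
  # guess is accepted whenever it matches a prefix of the real password.
  def authenticate(guess)
    @attempts += 1
    g = guess.b
    @password[0, g.bytesize] == g
  end
end

# Contrast case (an assumed fix, not the vendor patch): compare full strings.
class FixedShare < VulnerableShare
  def authenticate(guess)
    @attempts += 1
    @password == guess.b
  end
end

# Recover the share password one byte at a time. Each position costs at most
# 256 requests, so the total is linear in the length rather than exponential.
# max_len (8 here, an assumption about the legacy password limit) bounds the loop.
def enumerate_password(share, max_len: 8)
  recovered = "".b
  max_len.times do
    found = (0..255).find { |b| share.authenticate(recovered + b.chr) }
    # No byte extends the confirmed prefix: the prefix is the whole password.
    # An empty result means no password is set, i.e. the share is unprotected.
    return recovered if found.nil?
    recovered << found.chr
  end
  recovered
end

# Worst-case request counts: byte-at-a-time (including the final round that
# confirms the end of the password) versus guessing whole passwords.
def worst_case_requests(length)
  { byte_at_a_time: 256 * (length + 1), whole_password: 256**length }
end

if $PROGRAM_NAME == __FILE__
  share = VulnerableShare.new("s3cr3t")
  pw = enumerate_password(share)
  puts "recovered #{pw.inspect} in #{share.attempts} requests"
  fixed = FixedShare.new("s3cr3t")
  puts "full-length compare: #{enumerate_password(fixed).inspect} after #{fixed.attempts} requests"
  p worst_case_requests(6)
end
```

Against the simulated full-length comparison the same loop never gets past the first position, because no single byte equals the whole password; that is the oracle the legacy comparison leaks and a proper compare removes. The real module drives the same loop over SMB requests to the target share instead of an in-memory object.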

The addition reflects continued interest in legacy Windows vulnerabilities within the penetration testing and security research communities, particularly because older systems occasionally remain in service in specialized or industrial environments. Operators supply the target Windows hostnames and IP addresses when running the module. Windows 9x/Me are long out of support, but the module's arrival shows how a fundamental authentication design flaw in a legacy protocol keeps resurfacing in offensive tooling, and it gives practitioners a structured way to assess exposure wherever such hosts still sit on the network.