Nessus Plugin #10273
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
Detect SWAT server port
- Family: Service detection
- Category: infos
- Copyright: This script is Copyright (C) 2000 SecuriTeam
- Summary: Detect SWAT server port
- Version: $Revision: 1.15 $
- Cve_id: CVE-2000-0935
- Bugtraq_id: 1872
- Xrefs: -
- Description:
SWAT (Samba Web Administration Tool) is running on this port.
SWAT allows Samba users to change their passwords and gives the sysadmin
an easy-to-use GUI for configuring Samba.
However, it is not recommended to expose SWAT to the world, as it
allows an intruder to attempt to brute-force the passwords of some accounts.
In addition, the traffic between SWAT and web clients is not encrypted,
so an eavesdropper can easily capture cleartext passwords.
Solution: Block access to SWAT from the outside network by filtering this port
at your firewall.
If you do not need SWAT, disable it by commenting out the relevant line in
/etc/inetd.conf.
Risk factor: Medium
Generated on 27.04.2005 at 18:49:54.