Nessus Plugin #10891
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
X Display Manager Control Protocol (XDMCP)
- Family:
- Useless services
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2002 Pasi Eronen
- Summary:
- Checks if XDM has XDMCP protocol enabled
- Version:
- $Revision: 1.6 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- -
- Description:
The remote host is running XDMCP.
This protocol is used to provide X display connections for X terminals.
XDMCP is completely insecure, since the traffic and passwords are not
encrypted.
An attacker may use this flaw to capture all the keystrokes of the users
using this host through their X terminal, including passwords.
Also XDMCP is an additional login mechanism that you may not have been
aware was enabled, or may not be monitoring failed logins on.
Solution : Disable XDMCP
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.