Symantec pcAnywhere Service Unrestricted Access

This script is Copyright (C) 2002-2012 Digital Defense Incorporated


Synopsis :

The remote access service on this port allows unrestricted access.

Description :

The pcAnywhere service does not require a password to access the
desktop of this system. If this machine is running Windows 95, 98, or
ME, gaining full control of the machine is trivial. If this system is
running NT or 2000 and is currently logged out, an attacker can still
spy on and hijack a legitimate user's session when they login.

Solution :

1. Open the PC Anywhere application as an Administrator.
2. Right click on the Host object you are using and select Properties.
3. Select the Caller Access tab.
4. Switch the authentication type to Windows or PC Anywhere.
5. If you are using PC Anywhere authentication, set a strong password.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 10798 (DDI_Unprotected_PCanywhere.nasl)

Bugtraq ID:

CVE ID: CVE-1999-0508