X Display Manager Control Protocol (XDMCP) Detection

This script is Copyright (C) 2002-2016 Pasi Eronen

Synopsis :

The XDMCP service is running on the remote host.

Description :

The X Display Manager Control Protocol (XDMCP) service allows a Unix
user to remotely obtain a graphical X11 login and therefore act as a
local user on the remote host. If an attacker can gain a valid login
and password, this service could be used to gain further access on the
remote host. An attacker may also use this service to mount a
dictionary attack against the remote host to try to log in remotely.

Note that XDMCP is vulnerable to man-in-the-middle attacks, making it
easy for attackers to steal the credentials of legitimate users by
impersonating the XDMCP server. In addition to this, XDMCP is not a
ciphered protocol, which allows an attacker to capture the keystrokes
entered by the user.

Solution :

Disable the XDMCP service, if you do not use it, and do not allow
this service to run across the Internet.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: Service detection

Nessus Plugin ID: 10891 ()

Bugtraq ID: