This script is Copyright (C) 2002-2014 Pasi Eronen
XDMCP is running on the remote host.
XDMCP allows a Unix user to remotely obtain a graphical X11 login (and
therefore act as a local user on the remote host).
If an attacker gains a valid login and password, this service could be
used to gain further access on the remote host. An attacker may also
use this service to mount a dictionary attack against the remote host
to try to log in remotely.
Note that XDMCP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimates users by impersonating the XDMCP server.
In addition to this, XDMCP is not a ciphered protocol which make it
easy for an attacker to capture the keystrokes entered by the user.
Disable the XDMCP if you do not use it, and do not allow this service
to run across the Internet
Risk factor :
Low / CVSS Base Score : 2.6