X Display Manager Control Protocol (XDMCP) Detection

This script is Copyright (C) 2002-2014 Pasi Eronen


Synopsis :

XDMCP is running on the remote host.

Description :

XDMCP allows a Unix user to remotely obtain a graphical X11 login (and
therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be
used to gain further access on the remote host. An attacker may also
use this service to mount a dictionary attack against the remote host
to try to log in remotely.

Note that XDMCP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimates users by impersonating the XDMCP server.
In addition to this, XDMCP is not a ciphered protocol which make it
easy for an attacker to capture the keystrokes entered by the user.

Solution :

Disable the XDMCP if you do not use it, and do not allow this service
to run across the Internet

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: Service detection

Nessus Plugin ID: 10891 ()

Bugtraq ID:

CVE ID: