Cheops NG Unauthenticated Access

medium Nessus Plugin ID 20161

Synopsis

The remote service does not require a password for access.

Description

The Cheops NG agent on the remote host is running without authentication. Anyone can connect to this service and use it to map your network, port scan machines and identify running services.

Solution

Restrict access to this port or enable authentication by starting the agent using the '-p' option.

Plugin Details

Severity: Medium

ID: 20161

File Name: unprotected_cheopsNG.nasl

Version: Revision: 1.9

Type: remote

Family: Misc.

Published: 11/8/2005

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

Required KB Items: cheopsNG/unprotected