Cheops-ng Cleartext Authentication Information Disclosure

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote Cheops-ng agent is affected by an information disclosure
vulnerability.

Description :

A Cheops-ng agent is running on the remote host, and it is configured
to allow unencrypted connections. It is, therefore, affected by an
information disclosure vulnerability due to passwords being
transmitted in cleartext. A user with a valid account on the remote
host can connect to the agent and use it to map your network, port
scan machines, and identify running services. In addition, it is
possible to brute-force login/password combinations on the remote host
using this agent.

See also :

http://cheops-ng.sourceforge.net/
http://sourceforge.net/projects/cheops-ng/

Solution :

Configure Cheops-ng to run on top of SSL, or block this port from
outside communication if you want to further restrict the use of
Cheops-ng.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 20162 (cheopsNG_clear_text_password.nasl)

Bugtraq ID:

CVE ID:
