Cheops NG Cleartext Authentication Information Disclosure

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Cheops NG agent is affected by an information disclosure
issue.

Description :

A Cheops NG agent is running on this port. Users with a valid account
on the remote host can connect to this service and use it to map your
network, portscan machines and identify running services.

The agent is configured to allow unencrypted connections, which may
allow passwords transmitted in cleartext to be sniffed.

In addition, it is possible to brute-force logins and passwords on the
remote host using this agent.

Solution :

Configure Cheops to run on top of SSL or block this port from outside
communication if you want to further restrict the use of Cheops.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 20162 (cheopsNG_clear_text_password.nasl)

Bugtraq ID:

CVE ID: