Cheops-ng Cleartext Authentication Information Disclosure

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Cheops-ng agent is affected by an information disclosure

Description :

A Cheops-ng agent is running on the remote host, and it is configured
to allow unencrypted connections. It is, therefore, affected by an
information disclosure vulnerability due to passwords being
transmitted in cleartext. A user with a valid account on the remote
host can connect to the agent and use it to map your network, port
scan machines, and identify running services. In addition, it is
possible to brute-force login/passwords on the remote host using this

See also :

Solution :

Configure Cheops-ng to run on top of SSL or block this port from
outside communication if you want to further restrict the use of

Risk factor :

Medium / CVSS Base Score : 4.3

Family: Misc.

Nessus Plugin ID: 20162 (cheopsNG_clear_text_password.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now