News Server (NNTP) Anonymous Read Access

low Nessus Plugin ID 39329

Synopsis

The remote NNTP server allows anyone to access it.

Description

The remote NNTP server seems to be open to outsiders. Some people like open NNTP servers as they allow one to read Usenet news articles anonymously. Unwanted connections could waste your bandwidth.

Note that it is very common for NNTP servers to use IP-based authentication so this may be a false positive if the Nessus scanner is among the allowed source addresses.

Solution

Enforce authentication or filter connections from outside.

Plugin Details

Severity: Low

ID: 39329

File Name: readable_nntp_server.nasl

Version: Revision: 1.8

Type: remote

Family: General

Published: 6/8/2009

Updated: 5/29/2014

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P