Detections
Analytics

Mount iSCSI Targets with 'None' Authentication

medium Nessus Plugin ID 100550

Language:

Synopsis

This plugin attempts to mount iSCSI targets and display returned values from an iSCSI query.

Description

Nessus was able to mount the iSCSI targets using 'None' authentication and retrieve information regarding the vendor ID, product ID and product revision level.

Solution

Implement authenticated connections between initiator and targets.

See Also

http://www.faqs.org/rfcs/rfc3720.html

https://en.wikipedia.org/wiki/ISCSI

http://www.nessus.org/u?4e68c585

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754658(v=ws.11)

https://searchstorage.techtarget.com/tip/Five-ways-to-secure-iSCSI

http://www.nessus.org/u?a3d664e5

http://www.nessus.org/u?7d4e0d92

Plugin Details

Severity: Medium

ID: 100550

File Name: iscsi_mount_target.nbin

Version: 1.57

Type: remote

Family: Misc.

Published: 5/31/2017

Updated: 3/29/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Required KB Items: iscsi/target