Novell NetWare ncp Service NDS Object Enumeration

medium Nessus Plugin ID 10988
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


Remote directory server leaks information.


This host is a Novell NetWare (eDirectory) server, and has browse rights on the PUBLIC object.

It is possible to enumerate all NDS objects, including users, with crafted queries. An attacker can use this to gain information about this host.


The NDS object PUBLIC should not have Browse rights the tree should be restricted to authenticated users only.

Removing Browse rights from the object will fix this issue. If this is an external system it is recommended that access to port 524 be blocked from the Internet.

Plugin Details

Severity: Medium

ID: 10988

File Name: NDS_Object_Enum.nasl

Version: 1.17

Type: remote

Family: Netware

Published: 6/4/2002

Updated: 10/16/2018

Risk Information

CVSS Score Source: manual

CVSS Score Rationale: An in depth analysis by tenable researchers revealed the access complexity to be low.


Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N


Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Exploited by Nessus: true

Vulnerability Publication Date: 1/1/2002