Novell NetWare ncp Service NDS Object Enumeration
Medium Nessus Plugin ID 10988
Synopsis
Remote directory server leaks information.

Description
This host is a Novell NetWare (eDirectory) server, and has Browse rights on the PUBLIC object.
It is possible to enumerate all NDS objects, including users, with crafted queries. An attacker can use this to gain information about this host.

Solution
The NDS object PUBLIC should not have Browse rights; the tree should be restricted to authenticated users only.
Removing Browse rights from the object will fix this issue. If this is an external system, it is recommended that access to port 524 be blocked from the Internet.