Cheops-ng Cleartext Authentication Information Disclosure
Medium Nessus Plugin ID 20162
SynopsisThe remote Cheops-ng agent is affected by an information disclosure vulnerability.
DescriptionA Cheops-ng agent is running on the remote host, and it is configured to allow unencrypted connections. It is, therefore, affected by an information disclosure vulnerability due to passwords being transmitted in cleartext. A user with a valid account on the remote host can connect to the agent and use it to map your network, port scan machines, and identify running services. In addition, it is possible to brute-force login/passwords on the remote host using this agent.
SolutionConfigure Cheops-ng to run on top of SSL or block this port from outside communication if you want to further restrict the use of Cheops-ng.