Cheops-ng Cleartext Authentication Information Disclosure

Medium Nessus Plugin ID 20162


The remote Cheops-ng agent is affected by an information disclosure vulnerability.


A Cheops-ng agent is running on the remote host, and it is configured to allow unencrypted connections. It is, therefore, affected by an information disclosure vulnerability due to passwords being transmitted in cleartext. A user with a valid account on the remote host can connect to the agent and use it to map your network, port scan machines, and identify running services. In addition, it is possible to brute-force login/passwords on the remote host using this agent.


Configure Cheops-ng to run on top of SSL or block this port from outside communication if you want to further restrict the use of Cheops-ng.

See Also

Plugin Details

Severity: Medium

ID: 20162

File Name: cheopsNG_clear_text_password.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Misc.

Published: 2005/11/08

Modified: 2016/01/05

Dependencies: 20160

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: cheopsNG/password