ICCP/COTP TSAP Addressing Weakness
Medium Nessus Plugin ID 23812
Synopsis
It is possible to determine a COTP TSAP value on the remote ICCP server by trying possible values.
Description
The ICCP stack (like the related protocols MMS and IEC 61850) includes ISO 7073 (RFC 905) at the Transport Layer. ISO 7073 specifies the Connection Oriented Transport Protocol (COTP), which includes a pair of user-configurable values, 16-bit numeric or in some cases ASCII strings, that identify client endpoints. These values are called Transport Service Access Points (TSAPs).
The TSAP used in the host server was guessed by trying a sample of possible values that are commonly used and easily attempted by trial-and-error.
Solution
Upgrade to Secure ICCP, select a pseudorandom 16-bit value, or restrict the port to authorized hosts.
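
On the monitoring side, the trial-and-error pattern described above appears as one source sending COTP Connection Requests for many different called TSAPs. The Python below is an added example, not part of the Nessus plugin: it assumes CR TPDUs in the RFC 905 layout (transport framing already removed) have been captured together with their source address, and the function names, threshold, and sample events are constructed for illustration.

```python
from collections import defaultdict

CR_TPDU = 0xE0           # Connection Request code (high nibble), RFC 905
CALLING_TSAP, CALLED_TSAP = 0xC1, 0xC2   # variable-part parameter codes


def parse_cr_tsaps(tpdu: bytes):
    """Return (calling_tsap, called_tsap) from a COTP CR TPDU, else None.
    Layout: LI, code, DST-REF(2), SRC-REF(2), class/options, then
    variable-part parameters as code/length/value triples.
    """
    if len(tpdu) < 7:
        return None
    end = tpdu[0] + 1                 # LI excludes its own octet
    if end > len(tpdu) or (tpdu[1] & 0xF0) != CR_TPDU:
        return None
    params, pos = {}, 7
    while pos + 2 <= end:
        code, plen = tpdu[pos], tpdu[pos + 1]
        if pos + 2 + plen > end:      # truncated parameter: reject
            return None
        params[code] = tpdu[pos + 2:pos + 2 + plen]
        pos += 2 + plen
    return params.get(CALLING_TSAP), params.get(CALLED_TSAP)


def flag_tsap_guessing(events, threshold=3):
    """events: (source_ip, cr_tpdu) pairs. Return sources that asked for
    more than `threshold` distinct called TSAPs."""
    seen = defaultdict(set)
    for src, tpdu in events:
        tsaps = parse_cr_tsaps(tpdu)
        if tsaps and tsaps[1] is not None:
            seen[src].add(tsaps[1])
    return {s: sorted(t) for s, t in seen.items() if len(t) > threshold}


def _cr(calling: bytes, called: bytes) -> bytes:
    """Build a constructed CR TPDU for the sample data below."""
    body = (bytes([CR_TPDU, 0, 0, 0, 1, 0]) + bytes([CALLING_TSAP, len(calling)])
            + calling + bytes([CALLED_TSAP, len(called)]) + called)
    return bytes([len(body)]) + body


# Constructed sample: one steady client, one source cycling called TSAPs.
SAMPLE_EVENTS = [("192.0.2.10", _cr(b"\x00\x01", b"\x00\x01"))] * 3 + [
    ("192.0.2.66", _cr(b"\x00\x02", bytes([0, n]))) for n in range(1, 6)]

if __name__ == "__main__":
    print(flag_tsap_guessing(SAMPLE_EVENTS))
```

The threshold is a tuning assumption; a site where each peer is configured with a single TSAP pair can alert on any called TSAP that is not the configured one.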