NNTP Service Cleartext Login Permitted

Low Nessus Plugin ID 57335

Synopsis

The remote NNTP server allows cleartext logins.

Description

The remote host is running an NNTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.

Solution

Configure the service to support less secure authentication mechanisms only over an encrypted channel.

See Also

https://tools.ietf.org/html/rfc3977

https://tools.ietf.org/html/rfc4643

Plugin Details

Severity: Low

ID: 57335

File Name: nntp_unencrypted_cleartext_logins.nasl

Version: Revision: 1.4

Type: remote

Family: Misc.

Published: 2011/12/19

Modified: 2017/06/12

Dependencies: 57333

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N