Proxy File '.pac' Request to Public IP Address

medium Nessus Network Monitor Plugin ID 7206
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

This host is configured to use proxy settings issued by a public IP.

Description

Proxy auto-config files, or PAC files provide the ability to auto configure proxy settings for your browser, including the ability to configure proxy settings on a per URL basis. Recent traffic from this host indicates it has requested a '.pac' file from a remote web server. In the past, malicious software has been known to use these files to perform Man-in-the-Middle attacks against affected systems.

Solution

Ensure this configuration is intended. If not, correct or disable the proxy settings on the remote host.

See Also

https://en.wikipedia.org/wiki/Proxy_auto-config

https://technet.microsoft.com/en-us/library/dd361918.aspx

http://www.nessus.org/u?02a8ece2

http://www.nessus.org/u?fd2efa2f

Plugin Details

Severity: Medium

ID: 7206

Version: 1.0

Family: Data Leakage

Published: 6/3/2016

Updated: 8/16/2018