Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test: 1
Number of security holes found: 0
Number of security warnings found: 1


Host List
Host(s)          Possible Issue
192.168.30.10    Security warning(s) found


Analysis of Host
Address of Host    Port/Service        Issue regarding Port
192.168.30.10      msrdp (3389/tcp)    Security warning(s) found
192.168.30.10      general/udp         Security notes found
192.168.30.10      general/tcp         Security notes found


Security Issues and Fixes: 192.168.30.10
Type Port Issue and Fix
Warning msrdp (3389/tcp) Synopsis :

It may be possible to get access to the remote host.

Description :

The remote version of the Remote Desktop Protocol Server (Terminal
Service) is vulnerable to a man in the middle (MiTM) attack. The RDP client
makes no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept traffic
from the RDP server can establish encryption with the client and server
without being detected. A MiTM attack of this nature would allow the
attacker to obtain any sensitive information transmitted, including
authentication credentials.

This flaw exists because the RDP server stores a hardcoded RSA
private key in the mstlsapi.dll library. Any local user with
access to this file (on any Windows system) can retrieve the
key and use it for this attack.

See also :

http://www.oxid.it/downloads/rdp-gbu.pdf
http://technet.microsoft.com/en-us/library/cc782610.aspx

Solution :

Force the use of SSL as a transport layer for this service.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVE : CVE-2005-1794
BID : 13818
Other references : OSVDB:17131
Nessus ID : 18405
Informational msrdp (3389/tcp) Synopsis :

The remote host is not FIPS-140 compliant.

Description :

The remote host is running Terminal Services Server. The encryption settings
used by the remote service are not FIPS-140 compliant.

Solution :

Change RDP encryption level to :
4. FIPS Compliant

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin output :
The terminal services encryption level is set to:
2. Medium (Client Compatbile)

Nessus ID : 30218
Informational msrdp (3389/tcp) Synopsis :

The remote Windows host has Terminal Services enabled.

Description :

Terminal Services allows a Windows user to remotely obtain a graphical
login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimate users by impersonating the Windows server.

Solution :

Disable Terminal Services if you do not use it, and do not allow this
service to run across the Internet.

Risk factor :

None
Nessus ID : 10940
Informational general/udp Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.

Solution :

n/a

Risk factor :

None

Plugin output :
For your information, here is the traceroute from 192.168.30.12 to 192.168.30.10 :
192.168.30.12
192.168.30.10


Nessus ID : 10287
Informational general/tcp Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.

See also :

http://www.ietf.org/rfc/rfc1323.txt

Solution :

n/a

Risk factor :

None
Nessus ID : 25220
Informational general/tcp Remote operating system : Microsoft Windows Server 2003
Confidence Level : 80
Method : RDP


The remote host is running Microsoft Windows Server 2003
Nessus ID : 11936
Informational general/tcp Synopsis :

The remote host seems to be a VMware virtual machine.

Description :

According to the MAC address of its network adapter, the remote host
is a VMware virtual machine.

Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.

Solution :

n/a

Risk factor :

None
Nessus ID : 20094
Informational general/tcp Synopsis :

The manufacturer can be deduced from the Ethernet OUI.

Description :

Each Ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUIs are registered by the IEEE.

See also :

http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml

Solution :

n/a

Risk factor :

None

Plugin output :
The following card manufacturers were identified :

00:0c:29:43:e9:7a : VMware, Inc.


Nessus ID : 35716

This file was generated by Nessus, the security scanner.