Security Issues and Fixes: 192.168.30.10
Type | Port | Issue and Fix |
Warning |
msrdp (3389/tcp) |
Synopsis :
It may be possible to get access to the remote host.
The remote version of the Remote Desktop Protocol Server (Terminal
Service) is vulnerable to a man in the middle (MiTM) attack. The RDP client
makes no effort to validate the identity of the server when setting
up encryption. An attacker with the ability to intercept traffic
from the RDP server can establish encryption with the client and server
without being detected. A MiTM attack of this nature would allow the
attacker to obtain any sensitive information transmitted, including
authentication credentials.
This flaw exists because the RDP server stores a hardcoded RSA
private key in the mstlsapi.dll library. Any local user with
access to this file (on any Windows system) can retrieve the
key and use it for this attack.
See also :
http://www.oxid.it/downloads/rdp-gbu.pdf
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution :
Force the use of SSL as a transport layer for this service.
Risk factor :
Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE : CVE-2005-1794
BID : 13818
Other references : OSVDB:17131
Nessus ID : 18405 |
Informational |
msrdp (3389/tcp) |
Synopsis :
The remote host is not FIPS-140 compliant.
Description :
The remote host is running Terminal Services Server. The encryption settings
used by the remote service are not FIPS-140 compliant.
Solution :
Change RDP encryption level to :
4. FIPS Compliant
Risk factor :
Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin output :
The terminal services encryption level is set to:
2. Medium (Client Compatbile)
Nessus ID : 30218 |
Informational |
msrdp (3389/tcp) |
Synopsis :
The remote Windows host has Terminal Services enabled.
Terminal Services allows a Windows user to remotely obtain a graphical
login (and therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimate users by impersonating the Windows server.
Solution :
Disable Terminal Services if you do not use it, and do not allow this
service to run across the Internet.
Risk factor :
None
Nessus ID : 10940 |
Informational |
general/udp |
Synopsis :
It was possible to obtain traceroute information.
Makes a traceroute to the remote host.
Solution :
n/a
Risk factor :
None
Plugin output :
For your information, here is the traceroute from 192.168.30.12 to 192.168.30.10 :
192.168.30.12
192.168.30.10
Nessus ID : 10287 |
Informational |
general/tcp |
Synopsis :
The remote service implements TCP timestamps.
The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt
Solution :
n/a
Risk factor :
None
Nessus ID : 25220 |
Informational |
general/tcp |
Remote operating system : Microsoft Windows Server 2003
Confidence Level : 80
Method : RDP
The remote host is running Microsoft Windows Server 2003
Nessus ID : 11936 |
Informational |
general/tcp |
Synopsis :
The remote host seems to be a VMware virtual machine.
According to the MAC address of its network adapter, the remote host
is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.
Solution :
n/a
Risk factor :
None
Nessus ID : 20094 |
Informational |
general/tcp |
Synopsis :
The manufacturer can be deduced from the Ethernet OUI.
Each Ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUIs are registered by the IEEE.
See also :
http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml
Solution :
n/a
Risk factor :
None
Plugin output :
The following card manufacturers were identified :
00:0c:29:43:e9:7a : VMware, Inc.
Nessus ID : 35716 |