Detections
Analytics
Network UPS Tools Cleartext Authentication
medium Nessus Plugin ID 59659
Language:
Synopsis
The UPS monitoring tool on the remote host does not support encrypted authentication.Description
The remote Network UPS Tools does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept credentials, and alter the settings on the UPS that the server manages.Solution
Enable StartTLS support on the server using the 'CERTFILE' directive.See Also
http://www.nessus.org/u?5a501865
https://networkupstools.org/docs/user-manual.chunked/ar01s09.html
Plugin Details
Severity: Medium
ID: 59659
File Name: nut_plaintext_authentication.nasl
Version: 1.5
Type: remote
Family: Misc.
Published: 6/22/2012
Updated: 11/15/2018
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:networkupstools:nut