1.7.10 Ensure XDMCP is not enabled

Information

X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays

XDMCP is inherently insecure.

- XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a user
- XDMCP is vulnerable to man-in-the-middle attacks. This may allow an attacker to steal the credentials of legitimate users by impersonating the XDMCP server.

Solution

Edit the file /etc/gdm/custom.conf and remove the line:

Enable=true

See Also

https://workbench.cisecurity.org/benchmarks/15965

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 39725b971cd973ef585f02a48a915e5c8c745544c932da677ea876d1f064b37e