1.8.4 Ensure XDCMP is not enabled

Information

X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays

Rationale:

XDMCP is inherently insecure.

XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a user

XDMCP is vulnerable to man-in-the-middle attacks. This may allow an attacker to steal the credentials of legitimate users by impersonating the XDMCP server.

Solution

Edit the file /etc/gdm/custom.conf and remove the line

Enable=true

Default Value:

false (This is denoted by no Enabled= entry in the file /etc/gdm/custom.conf in the [xdmcp] section

See Also

https://workbench.cisecurity.org/files/3636