Cheops-ng Cleartext Authentication Information Disclosure

medium Nessus Plugin ID 20162

Synopsis

The remote Cheops-ng agent is affected by an information disclosure vulnerability.

Description

A Cheops-ng agent is running on the remote host, and it is configured to allow unencrypted connections. It is, therefore, affected by an information disclosure vulnerability due to passwords being transmitted in cleartext. A user with a valid account on the remote host can connect to the agent and use it to map your network, port scan machines, and identify running services. In addition, it is possible to brute-force login/passwords on the remote host using this agent.

Solution

Configure Cheops-ng to run on top of SSL or block this port from outside communication if you want to further restrict the use of Cheops-ng.

See Also

http://cheops-ng.sourceforge.net/

https://sourceforge.net/projects/cheops-ng/

Plugin Details

Severity: Medium

ID: 20162

File Name: cheopsNG_clear_text_password.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 11/8/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: cheopsNG/password