Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Useless services --> Category: infos

X Display Manager Control Protocol (XDMCP) Vulnerability Scan

Vulnerability Scan Summary
Checks if XDM has XDMCP protocol enabled

Detailed Explanation for this Vulnerability Test

Synopsis :

XDMCP is running on the remote host.

Description :

XDMCP allow a Unix user to remotely obtain a graphical X11 login
(and therefore act as a local user on the remote host).

If a possible hacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host. A possible hacker may also use this service
to mount a dictionary attack against the remote host to try
to log in remotely.

Note that XDMCP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
XDMCP server. In addition to this, XDMCP is not a ciphered protocol
which make it easy for a possible hacker to capture the keystrokes
entered by the user.

Solution :

Disable the XDMCP if you do not use it, and do not allow this
service to run across the internet

Threat Level:

Low / CVSS Base Score : 1.9

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.