Family: Useless services --> Category: infos
X Display Manager Control Protocol (XDMCP) Vulnerability Scan
Vulnerability Scan Summary
Checks if XDM has XDMCP protocol enabled
Detailed Explanation for this Vulnerability Test
XDMCP is running on the remote host.
XDMCP allows a Unix user to remotely obtain a graphical X11 login
(and therefore act as a local user on the remote host).
If an attacker obtains a valid login and password, they may
be able to use this service to gain further access
on the remote host. An attacker may also use this service
to mount a dictionary attack against the remote host to try
to log in remotely.
Note that XDMCP (the Remote Desktop Protocol) is vulnerable
to man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimate users by impersonating the
XDMCP server. In addition, XDMCP is not an encrypted protocol,
which makes it easy for an attacker to capture the keystrokes
entered by the user.
Disable XDMCP if you do not use it, and do not allow this
service to run across the Internet.
Low / CVSS Base Score : 1.9
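One way to confirm on the host itself that XDMCP is disabled, as the advice above recommends, is to read the display manager configuration; this is an added example, not part of the original scan description. It assumes xdm, GDM or LightDM (the page names no display manager), whose files are typically /etc/X11/xdm/xdm-config, /etc/gdm/custom.conf and /etc/lightdm/lightdm.conf, and the sample contents and function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample configs (assumed for illustration, not from a real host).
XDM_SAMPLE = """\
! SECURITY: do not listen for XDMCP or Chooser requests
!DisplayManager.requestPort: 0
DisplayManager.authDir: /var/lib/xdm
"""
GDM_SAMPLE = """\
[daemon]
WaylandEnable=false
[xdmcp]
Enable=true
"""
LIGHTDM_SAMPLE = """\
[XDMCPServer]
#enabled=true
"""

def xdm_enabled(text):
    """xdm listens on UDP 177 unless requestPort is set to 0."""
    port = 177
    for line in text.splitlines():
        m = re.match(r"\s*DisplayManager[.*]requestPort\s*:\s*(\d+)", line)
        if m:  # lines starting with '!' are comments and never match
            port = int(m.group(1))
    return port != 0

def ini_enabled(text, section, key):
    """GDM and LightDM keep XDMCP off unless the key is explicitly true."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp.getboolean(section, key, fallback=False)

def audit(configs):
    """configs maps a display manager name to its config text."""
    checks = {
        "xdm": xdm_enabled,
        "gdm": lambda t: ini_enabled(t, "xdmcp", "Enable"),
        "lightdm": lambda t: ini_enabled(t, "XDMCPServer", "enabled"),
    }
    return sorted(dm for dm, text in configs.items() if checks[dm](text))

if __name__ == "__main__":
    samples = {"xdm": XDM_SAMPLE, "gdm": GDM_SAMPLE, "lightdm": LIGHTDM_SAMPLE}
    for dm in audit(samples):
        print(f"{dm}: XDMCP enabled, disable it or firewall UDP 177")
```

In the xdm sample the requestPort line is commented out, so xdm falls back to its default port and XDMCP is on even though the file appears to mention the hardening setting.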