none
Unencrypted Remote Authentication Available - RPC

    Question

  • Hi,

    I have run an vunerbelirty scan and one outcome is this. I have done some investigatin but not come up with any solution. What to do? 

    This RPC service allows cleartext or very weak authentication protocols without any encryption encapsulating login sessions.

    <label class="findinginfo findinginfo-left" for="displayfield-5931-inputEl" id="displayfield-5931-labelEl" style="box-sizing:border-box;margin-right:5px;width:140px;">Solution:</label>
    RPC can be secured by wrapping the service in SSL. If you do not need this service to be running, however, disable/filter access to it.
    <label class="findinginfo findinginfo-left" for="displayfield-5932-inputEl" id="displayfield-5932-labelEl" style="box-sizing:border-box;margin-right:5px;width:140px;">Category:</label>
    Workaround
    <label class="findinginfo findinginfo-left" for="displayfield-5933-inputEl" id="displayfield-5933-labelEl" style="box-sizing:border-box;margin-right:5px;width:140px;">Product:</label>
    DCE RPC / ONC RPC (Sun RPC)
    <label class="findinginfo findinginfo-left" for="displayfield-5934-inputEl" id="displayfield-5934-labelEl" style="box-sizing:border-box;margin-right:5px;width:140px;">CVE:</label>
    No CVE
    <label class="findinginfo findinginfo-left" for="displayfield-5943-inputEl" id="displayfield-5943-labelEl" style="box-sizing:border-box;margin-right:5px;width:140px;">Bugtraq:</label>
    No bugtraq

    Zorky HPC

    Tuesday, May 7, 2019 1:49 PM

Answers

All replies