| VID | 13009 |
| Severity | 20 |
| Port | 1723 |
| Protocol | TCP |
| Class | PPTP |
| Detailed Description |
The host seems to be running a PPTP (VPN) service.
PPTP (Point-to-Point Tunneling Protocol) is a VPN service that allows the Internet to be used safely, like a private network, by establishing a secure channel over a public network. Remote users connect to the internal network and play a trusted role in it. This service should be protected with encrypted user name and password combinations, and should be accessible only to trusted individuals. By default, however, the service leaks information such as the server version (PPTP version), hostname and vendor string, which could help an attacker better prepare her next attack.
* References: http://www.iss.net/security_center/static/8522.php http://cgi.nessus.org/plugins/dump.php3?id=10622 |
| Recommendation |
Restrict access to this port (1723/tcp) from untrusted networks. Make sure only encrypted channels are allowed through the PPTP (VPN) connection. |
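The fields named in the Detailed Description travel in the PPTP Start-Control-Connection-Reply. As an added example (not part of the original entry), the following parser decodes such a reply so an administrator can see what a gateway they operate discloses before authentication. The field layout is taken from RFC 2637, not from this page, and the sample bytes, hostname and vendor are constructed.

```python
import struct

# Start-Control-Connection-Reply layout per RFC 2637 (fixed 156 bytes).
SCCRP = struct.Struct(">HHIHHHBBIIHH64s64s")
MAGIC_COOKIE = 0x1A2B3C4D
CONTROL_MESSAGE = 1  # PPTP message type: control
SCCRP_TYPE = 2       # control message type: Start-Control-Connection-Reply


def _text(raw):
    """Decode a NUL-padded fixed-width string field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_sccrp(data):
    """Return the identifying fields of a reply; ValueError if malformed."""
    if len(data) < SCCRP.size:
        raise ValueError("reply shorter than 156 bytes")
    (length, msg_type, cookie, ctrl_type, _reserved, version, result, _error,
     _framing, _bearer, _channels, firmware, host, vendor) = SCCRP.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if (length, msg_type, ctrl_type) != (SCCRP.size, CONTROL_MESSAGE, SCCRP_TYPE):
        raise ValueError("not a Start-Control-Connection-Reply")
    return {
        "protocol_version": f"{version >> 8}.{version & 0xFF}",
        "result_code": result,
        "firmware_revision": firmware,
        "hostname": _text(host),
        "vendor": _text(vendor),
    }


def disclosed(fields):
    """Names of identity fields the server populated (candidates to blank)."""
    return [k for k in ("hostname", "vendor", "firmware_revision") if fields[k]]


# Constructed sample reply; struct pads the two 64-byte strings with NULs.
SAMPLE = SCCRP.pack(156, CONTROL_MESSAGE, MAGIC_COOKIE, SCCRP_TYPE, 0, 0x0100,
                    1, 0, 3, 3, 0, 1,
                    b"vpn-gw.example.internal", b"ExampleVendor")

if __name__ == "__main__":
    info = parse_sccrp(SAMPLE)
    print(info)
    print("disclosed before authentication:", disclosed(info))
```

An empty list from `disclosed()` means the reply carries no hostname, vendor or firmware value.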