| VID |
23144 |
| Severity |
20 |
| Port |
2300 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The Cheops NG agent transmits passwords in plain text. Cheops Nis a freely available, open source network management tool for mapping and monitoring your network. If Cheops NG agent has been compiled without openSSL, it may create a security issue because passwords are transmitted in clear text. An attacker that has the ability to intercept network communications between the Cheops NG agent and a client may leverage this issue to obtain passwords
* References:
http://cheops-ng.sourceforge.net/
http://www.securiteam.com/tools/2NUPUQKQ0C.html
* Platforms Affected:
Cheops NG agent Any version
Linux Any version
FreeBSD Any version |
| Recommendation |
Configure Cheops NG agent to run on top of SSL or block TCP port 2300 from outside communication if you want to further restrict the use of Cheops. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
