| VID |
23145 |
| Severity |
30 |
| Port |
2300 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The Cheops NG agent does not require a password for access. Cheops is a freely available, open source network management tool for mapping and monitoring your network. If a Cheops NG agent has been invoked with blank password for clients, a remote attacker with knowledge of this information can connect to an affected agent using a client to gain unauthorized access and use it to mapping your network, port scan machines and identify running services.
* References:
http://cheops-ng.sourceforge.net/
http://www.securiteam.com/tools/2NUPUQKQ0C.html
* Platforms Affected:
Cheops NG agent Any version
Linux Any version
FreeBSD Any version |
| Recommendation |
Make sure that enable authentication by starting the agent using the '-p' option. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
