| VID |
24032 |
| Severity |
40 |
| Port |
5631,65301 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The PC Anywhere service does not require a password to access the desktop of the system. If the system is running Windows 95, 98, or ME, gaining full control of the machine is trivial. If the system is running NT or 2000 and is currently logged out, an attacker can still spy on and hijack a legitamate user's session when they login.
* References:
http://cgi.nessus.org/plugins/dump.php3?id=10798 |
| Recommendation |
1. Open the PC Anywhere application as an Administrator.
2. Right click on the Host object you are using and select Properties.
3. Select the Caller Access tab.
4. Switch the authentication type to Windows or PC Anywhere.
5. If you are using PC Anywhere authentication, set a strong password. |
| Related URL |
CVE-1999-0508 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
