| VID |
27096 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
The FTP service is running on a remote Windows server. FTP is basically a weak protocol in which authentication information is sent in plain text. If you use the basic FTP service provided by the OS, the account and password are transmitted unencrypted, so there is a risk of exposing the account information by Sniffer.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
-Start / Run / SERVICES.MSC / FTP Publishing Service> Properties> General Tab
-Stop the FTP service after setting ¡°Startup Type¡± to ¡°Disabled¡±. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
