 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.10988 |
| Category: | General |
| Title: | Netware NDS Object Enumeration |
| Summary: | This host is a Novell Netware (eDirectory) server, and has browse; rights on the PUBLIC object. |
| Description: | Summary: This host is a Novell Netware (eDirectory) server, and has browse rights on the PUBLIC object. Vulnerability Impact: It is possible to enumerate all NDS objects, including users, with crafted queries. An attacker can use this to gain information about this host. Solution: The NDS object PUBLIC should not have Browse rights the tree should be restricted to authenticated users only. Removing Browse rights from the object will fix this issue. If this is an external system it is recommended that access to port 524 is blocked from the Internet. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Copyright | Copyright (C) 2002 Digital Defense Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |