NESSUS_ID : 10330
Info ftp (21/tcp) Open service
The "ftp" service may be running on this port.
NESSUS_ID : 10330
Info Windows Terminal Services (3389/tcp) Open service
The "Windows Terminal Services" service may be running on this port.
NESSUS_ID : 10330
Info Windows Terminal Services (3389/tcp) Windows Terminal Service Enabled
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host. An attacker may also use this service
to mount a dictionary attack against the remote host to try
to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimate users by impersonating the
Windows server.
Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet
Risk factor : Medium
BUGTRAQ_ID : 3099, 7258
NESSUS_ID : 10940
Warning msrdp (3389/tcp) Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
The remote version of Remote Desktop Protocol Server (Terminal Service) is
vulnerable to a man in the middle attack.
An attacker may exploit this flaw to decrypt communications between client
and server and obtain sensitive information (passwords, ...).
See Also : http://www.oxid.it/downloads/rdp-gbu.pdf
Solution : None at this time.
Risk factor : Medium
CVE_ID : CAN-2005-1794
BUGTRAQ_ID : 13818
NESSUS_ID : 18405
--------------------------------------------------------------------------------
Author: 越前リョーマ Time: 2008-2-4 03:50
I hate posts that report a bug and then require VIP to view...
Author: yangff Time: 2008-2-4 03:53