HIGH (2)
VNC Server Unauthenticated Access
Plugin ID: 26925
Port: tcp/5900
The VNC server installed on the remote host allows an attacker
to connect to the remote host as no authentication is required
to access this service.
** The VNC server sometimes sends the connected user to the XDM login
** screen. Unfortunately, Nessus cannot identify this situation.
** In such a case, it is not possible to go further without valid
** credentials and this alert may be ignored.
Javasolt megoldás
Disable the No Authentication security type.
VNC Server Unauthenticated Access: Screenshot
Plugin ID: 66174
Port: tcp/5900
The VNC server installed on the remote host allows an attacker to
connect to the remote host as no authentication is required to access
this service.
It was possible to log into the remote service and take a screenshot.
Javasolt megoldás
Disable the 'No Authentication' security type.
MEDIUM (1)
SMB Signing not required
Plugin ID: 57608
Port: tcp/445
Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.
Javasolt megoldás
Enforce message signing in the host's configuration. On Windows, this
is found in the policy setting 'Microsoft network server: Digitally
sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.