
2022-23 VAPT Report

The document provides a disclaimer stating that the information in an attached report is confidential and intended for the addressee only. It disclaims all liability for any losses arising from events outside the author's control or from any misuse of the report. The document also lists amendment history and approval details for a vulnerability assessment report of Gyandeep Stocks Pvt Ltd, including a dashboard with vulnerability counts by severity and details of vulnerabilities found on their network assets.


DISCLAIMER

The information shared in this report is confidential and may be legally privileged. It is intended solely for the addressee only and access to this report by anyone else is
unauthorized. If you are not the intended recipient, any disclosure, copying, reproduction, distribution or any action taken or omitted to be taken in reliance on it, is
prohibited and may be unlawful.

Essentials will not be liable to you in respect of any losses arising out of any event or events beyond our reasonable control. We will not be liable to you in respect of
any business losses, including without limitation loss of or damage to profits, income, revenue, use, production, anticipated savings, business, contracts, commercial
opportunities or goodwill or otherwise arising because of use or any misuse of this report by anyone. All the recommendations and solutions provided in this report are
on an "as is" basis and are void of any warranty, expressed or implied.

Document Control:

Document Version: 1.0

Released on: 2-Mar-23

Author: Essential Infosec Private Limited Team

Approved by: EIS Team

Organization: Essential Infosec Private Limited

Amendment History:

Sr. No. Date Description Audited By Sign-off By

1 28-Mar-23 Gyandeep Stocks Pvt Ltd L-2 Ajhar Pawan Srivastava

Digitally signed by PAWAN SRIVASTAVA
Date: 2023.04.03 16:56:11 +05'30'

Signer: GYANDEEP KHEMKA


Date: Monday, April 3, 2023 5:36 PM
Vulnerability Assessment Dashboard Status Report of Gyandeep Stocks Pvt Ltd

[Figure: bar chart "Vulnerability By Severity"; categories: Critical, High, Medium, Low; vertical axis 0 to 200]

Sr. No. Scope
1 192.168.1.197
2 10.213.2.58
3 10.146.37.4
4 10.170.145.2
5 10.10.1.197
6 192.168.1.196
7 192.168.42.1
8 10.213.2.50
9 192.168.42.101
10 10.213.2.60
11 192.168.1.254
12 10.10.1.196
13 192.168.42.3
14 192.168.1.90
15 192.168.42.25
16 192.168.1.114
17 192.168.42.8
18 192.168.42.9
19 192.168.1.109
20 192.168.1.112
21 192.168.1.106
22 192.168.1.105

Severity Wise Vulnerability Distribution


Severity Count of Vulnerabilities
Critical 8
High 49
Medium 179
Low 15
Grand Total 251

# Asset IP Address Operating System Vulnerability Title Port No Vulnerability Severity Status CVE IDs CVSS Score Vulnerability Description Vulnerability Solution Symphony
# 1 | Asset IP Address: 192.168.1.196 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB Service Without Authentication Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 6.4
Vulnerability Description: MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases.
The Opcode used by Nessus to determine if the MongoDB instance is vulnerable has been deprecated in version 5.0. Until a viable replacement code has been determined, please manually confirm if authentication is enabled when using MongoDB v5.0 or higher.
Vulnerability Solution: Enable authentication or restrict access to the MongoDB service.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 2 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 443
Vulnerability Title: SSL Version 2 and 3 Protocol Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 10
Vulnerability Description: The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
Vulnerability Solution: Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.2 (with approved cipher suites) or higher instead.
Symphony: April Mock

# 3 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB Service Without Authentication Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 6.4
Vulnerability Description: MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases.
The Opcode used by Nessus to determine if the MongoDB instance is vulnerable has been deprecated in version 5.0. Until a viable replacement code has been determined, please manually confirm if authentication is enabled when using MongoDB v5.0 or higher.
Vulnerability Solution: Enable authentication or restrict access to the MongoDB service.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 4 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 1832
Vulnerability Title: SSL Version 2 and 3 Protocol Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 10
Vulnerability Description: The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
Vulnerability Solution: Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.2 (with approved cipher suites) or higher instead.
Symphony: April Mock

# 5 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 5500
Vulnerability Title: SSL Version 2 and 3 Protocol Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 10
Vulnerability Description: The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:
- An insecure padding scheme with CBC ciphers.
- Insecure session renegotiation and resumption schemes.
An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.
Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.
NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
Vulnerability Solution: Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.2 (with approved cipher suites) or higher instead.
Symphony: April Mock

# 6 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 5355
Vulnerability Title: MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) (remote check)
Vulnerability Severity: Critical | Status: Open | CVE IDs: CVE-2011-0657 | CVSS Score: 10
Vulnerability Description: A flaw in the way the installed Windows DNS client processes Link-local Multicast Name Resolution (LLMNR) queries can be exploited to execute arbitrary code in the context of the NetworkService account.
Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platforms requires local access and the ability to run a special application. On Windows Vista, 2008, 7, and 2008 R2, however, the issue can be exploited remotely.
Vulnerability Solution: Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Symphony: You can plan for OS update to higher versions Windows 2016 or 2019

# 7 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 1521
Vulnerability Title: Oracle Database Unsupported Version Detection
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 10
Vulnerability Description: According to its version, the installation of Oracle Database running on the remote host is no longer supported.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Vulnerability Solution: Upgrade to a version of Oracle Database that is currently supported.
Symphony: Oracle is not used by XTS.

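# 8 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 0
Vulnerability Title: Unsupported Windows OS (remote)
Vulnerability Severity: Critical | Status: Open | CVE IDs: - | CVSS Score: 10
Vulnerability Description: The remote version of Microsoft Windows is either missing a service pack or is no longer supported. As a result, it is likely to contain security vulnerabilities.
Vulnerability Solution: Upgrade to a supported service pack or operating system
Symphony: You can plan for OS update to higher versions Windows 2016 or 2019
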
# 9 | Asset IP Address: 192.168.1.105 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 10 | Asset IP Address: 192.168.1.196 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 11 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Certificate Signed Using Weak Hashing Algorithm
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2004-2761 | CVSS Score: 5
Vulnerability Description: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Vulnerability Solution: Contact the Certificate Authority to have the SSL certificate reissued.
Symphony: We do not require SSL on Windows server.

# 12 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 443
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 13 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 14 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2014-2917 | CVSS Score: 7.5
Vulnerability Description: The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)
- A breach of data integrity vulnerability exists in the WiredTiger
Vulnerability Solution: Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 15 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2014-3971 | CVSS Score: 7.5
Vulnerability Description: The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)
- A breach of data integrity vulnerability exists in the WiredTiger
Vulnerability Solution: Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 16 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2014-8964 | CVSS Score: 7.5
Vulnerability Description: The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)
- A breach of data integrity vulnerability exists in the WiredTiger
Vulnerability Solution: Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 17 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2015-2705 | CVSS Score: 7.5
Vulnerability Description: The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)
- A breach of data integrity vulnerability exists in the WiredTiger
Vulnerability Solution: Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 18 | Asset IP Address: 192.168.1.197 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 27017
Vulnerability Title: MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2017-12926 | CVSS Score: 7.5
Vulnerability Description: The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.
- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)
- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)
- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)
- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)
- A breach of data integrity vulnerability exists in the WiredTiger
Vulnerability Solution: Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.
Symphony: We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

# 19 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 1832
Vulnerability Title: SSL Certificate Signed Using Weak Hashing Algorithm
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2004-2761 | CVSS Score: 5
Vulnerability Description: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Vulnerability Solution: Contact the Certificate Authority to have the SSL certificate reissued.
Symphony: We do not require SSL on Windows server.

# 20 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Certificate Signed Using Weak Hashing Algorithm
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2004-2761 | CVSS Score: 5
Vulnerability Description: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Vulnerability Solution: Contact the Certificate Authority to have the SSL certificate reissued.
Symphony: We do not require SSL on Windows server.

# 21 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 5500
Vulnerability Title: SSL Certificate Signed Using Weak Hashing Algorithm
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2004-2761 | CVSS Score: 5
Vulnerability Description: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Vulnerability Solution: Contact the Certificate Authority to have the SSL certificate reissued.
Symphony: We do not require SSL on Windows server.

# 22 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 1832
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 23 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 24 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 5500
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 25 | Asset IP Address: 192.168.1.254 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 1521
Vulnerability Title: Oracle TNS Listener Remote Poisoning
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2012-1675 | CVSS Score: 7.5
Vulnerability Description: The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a legitimate database server or client to an attacker-specified system.
Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, session-hijacking, or denial of service attacks on a legitimate database server.
Vulnerability Solution: Apply the workaround in Oracle's advisory.
Symphony: We do not Require Oracle

# 26 | Asset IP Address: 192.168.42.1 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 27 | Asset IP Address: 192.168.42.25 | Operating System: Microsoft Windows Server 2012 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 28 | Asset IP Address: 192.168.42.9 | Operating System: Microsoft Windows Server 2019 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

# 29 | Asset IP Address: 10.10.1.197 | Operating System: Microsoft Windows Server 2019 Standard | Port No: 3389
Vulnerability Title: SSL Certificate Signed Using Weak Hashing Algorithm
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2004-2761 | CVSS Score: 5
Vulnerability Description: The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.
Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.
Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Vulnerability Solution: Contact the Certificate Authority to have the SSL certificate reissued.
Symphony: We do not require SSL on Windows server.

# 30 | Asset IP Address: 10.10.1.197 | Operating System: Microsoft Windows Server 2019 Standard | Port No: 3389
Vulnerability Title: SSL Medium Strength Cipher Suites Supported (SWEET32)
Vulnerability Severity: High | Status: Open | CVE IDs: CVE-2016-2183 | CVSS Score: 5
Vulnerability Description: The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Vulnerability Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Symphony: We do not require SSL on Windows server.

The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

31 10.10.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-2917 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

32 10.10.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-3971 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger

Signer: GYANDEEP KHEMKA


Date: Monday, April 3, 2023 5:36 PM
The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

33 10.10.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-8964 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

34 10.10.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2015-2705 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

35 10.10.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2017-12926 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
36 10.146.37.4 Microsoft Windows Server 2019 Standard SSL Certificate Signed Using Weak Hashing Algorithm 3389 High Open CVE-2004-2761 5 Contact the Certificate Authority to have the SSL certificate reissued. We do not require SSL on Windows server.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.

Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.
The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or
else that uses the 3DES encryption suite.

37 10.146.37.4 Microsoft Windows Server 2019 Standard SSL Medium Strength Cipher Suites Supported (SWEET32) 3389 High Open CVE-2016-2183 5 Reconfigure the affected application if possible to avoid use of medium strength ciphers. We do not require SSL on Windows server.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

38 10.146.37.4 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-2917 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

39 10.146.37.4 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-3971 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

40 10.146.37.4 Microsoft Windows Server 2019 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-8964 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

41 10.146.37.4 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2015-2705 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger

The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

42 10.146.37.4 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2017-12926 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
43 10.170.145.2 Microsoft Windows Server 2012 Standard SSL Certificate Signed Using Weak Hashing Algorithm 3389 High Open CVE-2004-2761 5 Contact the Certificate Authority to have the SSL certificate reissued. We do not require SSL on Windows server.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.

Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.
The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or
else that uses the 3DES encryption suite.

44 10.170.145.2 Microsoft Windows Server 2012 Standard SSL Medium Strength Cipher Suites Supported (SWEET32) 3389 High Open CVE-2016-2183 5 Reconfigure the affected application if possible to avoid use of medium strength ciphers. We do not require SSL on Windows server.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

45 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-2917 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

46 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-3971 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

47 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-8964 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

48 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2015-2705 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

49 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2017-12926 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We are in process of migrating from Mongo DB to MySql. Tentative timelines will be 2 months.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or
else that uses the 3DES encryption suite.

50 10.213.2.50 Microsoft Windows Server 2012 Standard SSL Medium Strength Cipher Suites Supported (SWEET32) 3389 High Open CVE-2016-2183 5 Reconfigure the affected application if possible to avoid use of medium strength ciphers. We do not require SSL on Windows server.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.
The remote service uses an SSL certificate chain that has been signed
using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5,
or SHA1). These signature algorithms are known to be vulnerable to
collision attacks. An attacker can exploit this to generate another
certificate with the same digital signature, allowing an attacker to
masquerade as the affected service.
51 10.213.2.58 Microsoft Windows Server 2012 Standard SSL Certificate Signed Using Weak Hashing Algorithm 3389 High Open CVE-2004-2761 5 Contact the Certificate Authority to have the SSL certificate reissued. We do not require SSL on Windows server.
Note that this plugin reports all SSL certificate chains signed with
SHA-1 that expire after January 1, 2017 as vulnerable. This is in
accordance with Google's gradual sunsetting of the SHA-1 cryptographic
hash algorithm.

Note that certificates in the chain that are contained in the Nessus
CA database (known_CA.inc) have been ignored.
The remote host supports the use of SSL ciphers that offer medium
strength encryption. Nessus regards medium strength as any encryption
that uses key lengths at least 64 bits and less than 112 bits, or
else that uses the 3DES encryption suite.

52 10.213.2.58 Microsoft Windows Server 2012 Standard SSL Medium Strength Cipher Suites Supported (SWEET32) 3389 High Open CVE-2016-2183 5 Reconfigure the affected application if possible to avoid use of medium strength ciphers. We do not require SSL on Windows server.

Note that it is considerably easier to circumvent medium strength
encryption if the attacker is on the same physical network.

The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

53 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-2917 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We do not require MongoDB on Windows server.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


The version of the remote MongoDB server is 2.6.x prior to 2.6.9,
is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by
multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the


PEMKeyPassword, clusterPassword and Windows servicePassword. An
unauthenticated local attacker can exploit this to get access
to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the
CmdAuthenticate::_authenticateX509 function in
db/commands/authentication_commands.cpp in mongod. An
unauthenticated remote attacker can exploit this to cause a denial
of service (daemon crash) by attempting authentication with an
invalid X.509 client certificate. (CVE-2014-3971)

54 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-3971 7.5 Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later. We do not require MongoDB on Windows server.

- A heap-based buffer overflow condition exists in PCRE. An
unauthenticated remote attacker can exploit this via a crafted
regular expression, related to an assertion that allows zero
repeats to cause a denial of service or to cause other unspecified
impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing


values. An authenticated remote attacker can exploit this to
cause the application to crash. The attacker needs write access
to a database to be able to exploit this vulnerability.
(CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger


55 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2014-8964 7.5

The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)

- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger

Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.

We do not require MongoDB on Windows server.

56 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2015-2705 7.5

The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)

- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger

Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.

We do not require MongoDB on Windows server.

57 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod 27017 High Open CVE-2017-12926 7.5

The version of the remote MongoDB server is 2.6.x prior to 2.6.9, is 3.0.x < 3.0.14 or is 3.2.x < 3.2.8. It is, therefore, affected by multiple vulnerabilities.

- A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local attacker can exploit this to get access to user credentials. (CVE-2014-2917)

- A denial of service (DoS) vulnerability exists in the CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod. An unauthenticated remote attacker can exploit this to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. (CVE-2014-3971)

- A heap-based buffer overflow condition exists in PCRE. An unauthenticated remote attacker can exploit this via a crafted regular expression, related to an assertion that allows zero repeats to cause a denial of service or to cause other unspecified impact. (CVE-2014-8964)

- A DoS vulnerability exists due to failure to check for missing values. An authenticated remote attacker can exploit this to cause the application to crash. The attacker needs write access to a database to be able to exploit this vulnerability. (CVE-2015-2705)

- A breach of data integrity vulnerability exists in the WiredTiger

Upgrade to MongoDB version 2.6.9 / 3.0.14 / 3.2.8 or later.

We do not require MongoDB on Windows server.

58 10.10.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

59 10.10.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

60 10.10.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

61 10.10.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

62 10.10.1.197 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

Signer: GYANDEEP KHEMKA
Date: Monday, April 3, 2023 5:36 PM

63 10.10.1.197 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

64 10.10.1.197 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2001-1372 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

65 10.10.1.197 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-0266 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

66 10.10.1.197 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-2008 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

67 10.10.1.197 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2003-0456 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

68 10.10.1.197 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

69 10.10.1.197 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

70 10.10.1.197 Microsoft Windows Server 2012 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49198 Medium Open CVE-2016-0128 5.8

The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.

You can plan for OS update to higher versions Windows 2016 or 2019

71 10.10.1.197 Microsoft Windows Server 2012 Standard MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335) 27017 Medium Open CVE-2016-6494 2.1

The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit this by reading these files to disclose potentially sensitive information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to MongoDB version 3.0.15, 3.2.14, 3.3.14, 3.4 or later.

We do not require MongoDB on Windows server.

72 10.146.37.4 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

73 10.146.37.4 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

74 10.146.37.4 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

75 10.146.37.4 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

76 10.146.37.4 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

77 10.146.37.4 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

78 10.146.37.4 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2001-1372 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

79 10.146.37.4 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-0266 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

80 10.146.37.4 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-2008 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

81 10.146.37.4 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2003-0456 5

The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.

We do not require Nonexistent on Windows server.

82 10.146.37.4 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

83 10.146.37.4 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

84 10.146.37.4 Microsoft Windows Server 2012 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49198 Medium Open CVE-2016-0128 5.8

The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.

You can plan for OS update to higher versions Windows 2016 or 2019

85 10.146.37.4 Microsoft Windows Server 2012 Standard MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335) 27017 Medium Open CVE-2016-6494 2.1

The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit this by reading these files to disclose potentially sensitive information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to MongoDB version 3.0.15, 3.2.14, 3.3.14, 3.4 or later.

We do not require MongoDB on Windows server.

86 10.170.145.2 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry key to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

87 10.170.145.2 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


88 10.170.145.2 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


89 10.170.145.2 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


90 10.170.145.2 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5
Description: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).
An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Quote on Windows server.

91 10.170.145.2 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5
Description: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).
An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Quote on Windows server.

92 10.170.145.2 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2001-1372 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

93 10.170.145.2 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-0266 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

94 10.170.145.2 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-2008 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

95 10.170.145.2 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2003-0456 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

96 10.170.145.2 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3
Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Solution: Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Remarks: We do not require SSL on Windows server.

97 10.170.145.2 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3
Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Solution: Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Remarks: We do not require SSL on Windows server.

98 10.170.145.2 Microsoft Windows Server 2012 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49198 Medium Open CVE-2016-0128 5.8
Description: The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
Solution: Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Remarks: You can plan for OS update to higher versions Windows 2016 or 2019

99 10.170.145.2 Microsoft Windows Server 2012 Standard MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335) 27017 Medium Open CVE-2016-6494 2.1
Description: The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit this by reading these files to disclose potentially sensitive information.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to MongoDB version 3.0.15, 3.2.14, 3.3.14, 3.4 or later.
Remarks: We do not require MongoDB on Windows server.

100 10.213.2.58 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


101 10.213.2.58 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


102 10.213.2.58 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


103 10.213.2.58 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5
Description: The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.
Solution: Below are some examples of how to disable the echo service on some common platforms; however, many services can exhibit this behavior and the list below is not exhaustive. Consult vendor documentation for the service exhibiting the echo behavior for more information.
- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.
- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Echo on Windows server.


104 10.213.2.58 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5
Description: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).
An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Quote on Windows server.

105 10.213.2.58 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5
Description: A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.
Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).
An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
Solution:
- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Remarks: We do not require Quote on Windows server.

106 10.213.2.58 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2001-1372 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

107 10.213.2.58 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-0266 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

108 10.213.2.58 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2002-2008 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

109 10.213.2.58 Microsoft Windows Server 2012 Standard Nonexistent Page (404) Physical Path Disclosure 80 Medium Open CVE-2003-0456 5
Description: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Solution: Upgrade the web server to the latest version. Alternatively, reconfigure the web server to disable debug reporting.
Remarks: We do not require Nonexistent on Windows server.

110 10.213.2.58 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3
Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Solution: Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Remarks: We do not require SSL on Windows server.

111 10.213.2.58 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3
Description: The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Solution: Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Remarks: We do not require SSL on Windows server.

112 10.213.2.58 Microsoft Windows Server 2012 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49198 Medium Open CVE-2016-0128 5.8
Description: The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.
Solution: Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Remarks: You can plan for OS update to higher versions Windows 2016 or 2019

113 10.213.2.58 Microsoft Windows Server 2012 Standard MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335) 27017 Medium Open CVE-2016-6494 2.1
Description: The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit this by reading these files to disclose potentially sensitive information.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to MongoDB version 3.0.15, 3.2.14, 3.3.14, 3.4 or later.
Remarks: We do not require MongoDB on Windows server.

114 192.168.1.112 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
Description: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

115 192.168.1.112 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
Description: The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

116 192.168.1.112 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
Description: The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

117 192.168.1.112 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Description: Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Solution: Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Remarks: We do not require SMB on Windows server.

118 192.168.1.114 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Description: Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Solution: Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Remarks: We do not require SMB on Windows server.

119 192.168.1.109 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
Description: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

120 192.168.1.109 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
Description: The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

121 192.168.1.109 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
Description: The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

122 192.168.42.3 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
Description: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

123 192.168.42.3 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
Description: The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Solution: Purchase or generate a proper SSL certificate for this service.
Remarks: We do not require SSL on Windows server.

124 192.168.42.3 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
125 192.168.42.3 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
126 192.168.42.9 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

Signer: GYANDEEP KHEMKA


Date: Monday, April 3, 2023 5:36 PM
127 192.168.42.9 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
128 192.168.42.9 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
129 192.168.42.9 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
130 192.168.42.9 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
131 192.168.42.9 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
132 192.168.42.9 Microsoft Windows Server 2012 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.
133 192.168.42.9 Microsoft Windows Server 2012 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1.
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
We do not require TLS on Windows server.
134 192.168.1.90 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
135 192.168.1.90 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
136 192.168.1.90 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
137 192.168.1.90 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
138 192.168.1.105 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
139 192.168.1.105 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
140 192.168.1.105 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
141 192.168.1.105 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
142 192.168.1.105 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
143 192.168.1.105 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
144 192.168.1.105 Microsoft Windows Server 2012 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.
145 192.168.1.105 Microsoft Windows Server 2012 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1.
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
We do not require TLS on Windows server.

146 192.168.1.106 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
147 192.168.1.196 Microsoft Windows Server 2012 Standard Remote Desktop Protocol Server Man-in-the-Middle Weakness 3389 Medium Open CVE-2005-1794 5.1
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.
This flaw exists because the RDP server stores a publicly known hard-coded RSA private key. Any attacker in a privileged network location can use the key for this attack.
- Force the use of SSL as a transport layer for this service if supported, or/and
- On Microsoft Windows operating systems, select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
We do not require Remote on Windows server.
148 192.168.1.196 Microsoft Windows Server 2012 Standard Unencrypted Telnet Server 23 Medium Open 5.8
The remote host is running a Telnet server over an unencrypted channel.
Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.
SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
Disable the Telnet service and use SSH instead.
We do not require Unencrypted on Windows server.
149 192.168.1.196 Microsoft Windows Server 2012 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
150 192.168.1.196 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
151 192.168.1.196 Microsoft Windows Server 2012 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
152 192.168.1.196 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
153 192.168.1.196 Microsoft Windows Server 2012 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.
154 192.168.1.196 Microsoft Windows Server 2012 Standard SMB Signing not required 445 Medium Open 5
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.
155 192.168.1.196 Microsoft Windows Server 2012 Standard Terminal Services Encryption Level is Medium or Low 3389 Medium Open 4.3
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Change RDP encryption level to one of:
3. High
4. FIPS Compliant
We do not require Terminal on Windows server.
156 192.168.1.196 Microsoft Windows Server 2012 Standard Terminal Services Doesn't Use Network Level Authentication (NLA) Only 3389 Medium Open 4.3
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
We do not require Terminal on Windows server.
157 192.168.1.196 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3
The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
We do not require SSL on Windows server.
158 192.168.1.196 Microsoft Windows Server 2012 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3
The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.
If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
We do not require SSL on Windows server.
159 192.168.1.196 Microsoft Windows Server 2012 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.
160 192.168.1.196 Microsoft Windows Server 2012 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1.
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
We do not require TLS on Windows server.
161 192.168.1.197 Microsoft Windows Server 2012 Standard Chargen UDP Service Remote DoS 19 Medium Open CVE-1999-0103 5
When contacted, chargen responds with some random characters (something like all the characters in the alphabet in a row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection.
The purpose of this service was to mostly test the TCP/IP protocol by itself, to make sure that all the packets were arriving at their destination unaltered. It is unused these days, so it is suggested you disable it, as an attacker may use it to set up an attack against this host, or against a third-party host using this host as a relay.
An easy attack is 'ping-pong' in which an attacker spoofs a packet between two machines running chargen. This will cause them to spew characters at each other, slowing the machines down and saturating the network.
- Under Unix systems, comment out the 'chargen' line in /etc/inetd.conf and restart the inetd process
- Under Windows systems, set the following registry keys to 0:
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpChargen
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpChargen
Then launch cmd.exe and type:
net stop simptcp
net start simptcp
To restart the service.
We do not require Chargen on Windows server.
162 192.168.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.


163 192.168.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.


164 192.168.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0103 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.

Signer: GYANDEEP KHEMKA


Date: Monday, April 3, 2023 5:36 PM
165 192.168.1.197 Microsoft Windows Server 2012 Standard Echo Service Detection 7 Medium Open CVE-1999-0635 5

The remote host is running the 'echo' service. This service echoes any data which is sent to it.

This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of service attacks against this host.

Below are some examples of how to disable the echo service on some common platforms, however many services can exhibit this behavior and the list below is not exhaustive.

Consult vendor documentation for the service exhibiting the echo behavior for more information.

- Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process.

- Under Ubuntu systems, comment out the 'echo' line in /etc/systemd/system.conf and restart the systemd service.

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Echo on Windows server.


166 192.168.1.197 Microsoft Windows Server 2012 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

167 192.168.1.197 Microsoft Windows Server 2019 Standard Quote of the Day (QOTD) Service Detection 17 Medium Open CVE-1999-0103 5

A server listens for TCP connections on TCP port 17. Once a connection is established a short message is sent out the connection (and any data received is thrown away). The service closes the connection after sending the quote.

Another quote of the day service is defined as a datagram based application on UDP. A server listens for UDP datagrams on UDP port 17. When a datagram is received, an answering datagram is sent containing a quote (the data in the received datagram is ignored).

An easy attack is 'pingpong' which IP spoofs a packet between two machines running qotd. This will cause them to spew characters at each other, slowing the machines down and saturating the network.

- Under Unix systems, comment out the 'qotd' line in /etc/inetd.conf and restart the inetd process

- Under Windows systems, set the following registry keys to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type :

net stop simptcp
net start simptcp

To restart the service.

We do not require Quote on Windows server.

168 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Certificate Expiry 443 Medium Open 5

This plugin checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.

Purchase or generate a new SSL certificate to replace the existing one.

We do not require SSL on Windows server.

169 192.168.1.197 Microsoft Windows Server 2019 Standard Unencrypted Telnet Server 23 Medium Open 5.8

The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.

Disable the Telnet service and use SSH instead.

We do not require Unencrypted on Windows server.

170 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5

The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

171 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 443 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

172 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

173 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

174 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 443 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

175 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

176 192.168.1.197 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

177 192.168.1.197 Microsoft Windows Server 2019 Standard SMB Signing not required 445 Medium Open 5

Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.

Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

We do not require SMB on Windows server.

178 192.168.1.197 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 443 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

179 192.168.1.197 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 443 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

180 192.168.1.197 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

181 192.168.1.197 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.

We do not require SSL on Windows server.

182 192.168.1.197 Microsoft Windows Server 2019 Standard SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 443 Medium Open CVE-2014-3566 4.3

The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.

Disable SSLv3.

Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.

We do not require SSLv on Windows server.

183 192.168.1.197 Microsoft Windows Server 2019 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49170 Medium Open CVE-2016-0128 5.8

The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing the attacker to impersonate an authenticated user and access the SAM database.

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.

You can plan for OS update to higher versions Windows 2016 or 2019

184 192.168.1.197 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 443 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

We do not require TLS on Windows server.

185 192.168.1.197 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.

We do not require TLS on Windows server.

186 192.168.1.197 Microsoft Windows Server 2019 Standard MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335) 27017 Medium Open CVE-2016-6494 2.1

The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit this by reading these files to disclose potentially sensitive information.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to MongoDB version 3.0.15, 3.2.14, 3.3.14, 3.4 or later.

We do not require MongoDB on Windows server.

187 192.168.1.197 Microsoft Windows Server 2019 Standard TLS Version 1.1 Protocol Deprecated 443 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1.

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.

We do not require TLS on Windows server.

188 192.168.1.197 Microsoft Windows Server 2019 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1.

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.

We do not require TLS on Windows server.

189 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Weak Cipher Suites Supported 1832 Medium Open 4.3

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Reconfigure the affected application, if possible to avoid the use of weak ciphers.

We do not require SSL on Windows server.

190 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Weak Cipher Suites Supported 5500 Medium Open 4.3

The remote host supports the use of SSL ciphers that offer weak encryption.

Note: This is considerably easier to exploit if the attacker is on the same physical network.

Reconfigure the affected application, if possible to avoid the use of weak ciphers.

We do not require SSL on Windows server.

191 192.168.1.254 Microsoft Windows Server 2019 Standard SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection 1832 Medium Open CVE-2009-3555 5.8

The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

Contact the vendor for specific patch information.

We do not require SSL on Windows server.

192 192.168.1.254 Microsoft Windows Server 2019 Standard SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection 5500 Medium Open CVE-2009-3555 5.8

The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.

Contact the vendor for specific patch information.

We do not require SSL on Windows server.

193 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5

The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

194 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 1832 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

195 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

196 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 5500 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.

We do not require SSL on Windows server.

The server's X.509 certificate cannot be trusted. This situation can
occur in three different ways, in which the chain of trust can be
broken, as stated below :

- First, the top of the certificate chain sent by the


server might not be descended from a known public
certificate authority. This can occur either when the
top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are
missing that would connect the top of the certificate
chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate


that is not valid at the time of the scan. This can
197 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4 occur either when the scan occurs before one of the Purchase or generate a proper SSL certificate for this service. We do not require SSL on Windows server.
certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature


that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer
using a signing algorithm that Nessus either does not
support or does not recognize.

If the remote host is a public host in production, any break in the


chain makes it more difficult for users to verify the authenticity and
198 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 1832 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

199 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

200 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 5500 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

201 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

202 192.168.1.254 Microsoft Windows Server 2019 Standard SMB Signing not required 445 Medium Open 5

Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.

Enforce message signing in the host's configuration. On Windows, this
is found in the policy setting 'Microsoft network server: Digitally
sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.

203 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Chain Contains Weak RSA Keys 1832 Medium Open 4

At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 1024 bits. Such keys are considered weak due
to advances in available computing power decreasing the time required to
factor cryptographic keys.

Some SSL implementations, notably Microsoft's, may consider this SSL
chain to be invalid due to the length of one or more of the RSA keys it
contains.

Replace the certificate in the chain with the weak RSA key with a
stronger key, and reissue any certificates it signed.
We do not require SSL on Windows server.

204 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Chain Contains Weak RSA Keys 5500 Medium Open 4

At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 1024 bits. Such keys are considered weak due
to advances in available computing power decreasing the time required to
factor cryptographic keys.

Some SSL implementations, notably Microsoft's, may consider this SSL
chain to be invalid due to the length of one or more of the RSA keys it
contains.

Replace the certificate in the chain with the weak RSA key with a
stronger key, and reissue any certificates it signed.
We do not require SSL on Windows server.

Signer: GYANDEEP KHEMKA
Date: Monday, April 3, 2023 5:36 PM

205 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 1832 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

206 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 1832 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

207 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

208 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 3389 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

209 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 5500 Medium Open CVE-2013-2566 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

210 192.168.1.254 Microsoft Windows Server 2019 Standard SSL RC4 Cipher Suites Supported (Bar Mitzvah) 5500 Medium Open CVE-2015-2808 4.3

The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream
of bytes so that a wide variety of small biases are introduced into
the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an
attacker is able to obtain many (i.e., tens of millions) ciphertexts,
the attacker may be able to derive the plaintext.

Reconfigure the affected application, if possible, to avoid use of RC4
ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser
and web server support.
We do not require SSL on Windows server.

211 192.168.1.254 Microsoft Windows Server 2019 Standard SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 1832 Medium Open CVE-2014-3566 4.3

The remote host is affected by a man-in-the-middle (MitM) information
disclosure vulnerability known as POODLE. The vulnerability is due to
the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few
as 256 tries if they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can
be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the
client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks
without impacting legacy clients; however, it can only protect
connections when the client and service support the mechanism. Sites
that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any
particular SSL implementation. Disabling SSLv3 is the only way to
completely mitigate the vulnerability.

Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV
mechanism until SSLv3 can be disabled.
We do not require SSLv on Windows server.

212 192.168.1.254 Microsoft Windows Server 2019 Standard SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 5500 Medium Open CVE-2014-3566 4.3

The remote host is affected by a man-in-the-middle (MitM) information
disclosure vulnerability known as POODLE. The vulnerability is due to
the way SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining (CBC) mode.
MitM attackers can decrypt a selected byte of a cipher text in as few
as 256 tries if they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0 connections.

As long as a client and service both support SSLv3, a connection can
be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the
client and service.

The TLS Fallback SCSV mechanism prevents 'version rollback' attacks
without impacting legacy clients; however, it can only protect
connections when the client and service support the mechanism. Sites
that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any
particular SSL implementation. Disabling SSLv3 is the only way to
completely mitigate the vulnerability.

Disable SSLv3.
Services that must support SSLv3 should enable the TLS Fallback SCSV
mechanism until SSLv3 can be disabled.
We do not require SSLv on Windows server.

213 192.168.1.254 Microsoft Windows Server 2019 Standard SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) 1832 Medium Open CVE-2015-0204 4.3

The remote host supports EXPORT_RSA cipher suites with keys less than
or equal to 512 bits. An attacker can factor a 512-bit RSA modulus in
a short amount of time.

A man-in-the-middle attacker may be able to downgrade the session to
use EXPORT_RSA cipher suites (e.g. CVE-2015-0204). Thus, it is
recommended to remove support for weak cipher suites.

Reconfigure the service to remove support for EXPORT_RSA cipher
suites.
We do not require SSL on Windows server.

214 192.168.1.254 Microsoft Windows Server 2019 Standard SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Supported (FREAK) 5500 Medium Open CVE-2015-0204 4.3

The remote host supports EXPORT_RSA cipher suites with keys less than
or equal to 512 bits. An attacker can factor a 512-bit RSA modulus in
a short amount of time.

A man-in-the-middle attacker may be able to downgrade the session to
use EXPORT_RSA cipher suites (e.g. CVE-2015-0204). Thus, it is
recommended to remove support for weak cipher suites.

Reconfigure the service to remove support for EXPORT_RSA cipher
suites.
We do not require SSL on Windows server.

215 192.168.1.254 Microsoft Windows Server 2019 Standard MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) 49154 Medium Open CVE-2016-0128 5.8

The remote Windows host is affected by an elevation of privilege
vulnerability in the Security Account Manager (SAM) and Local Security
Authority (Domain Policy) (LSAD) protocols due to improper
authentication level negotiation over Remote Procedure Call (RPC)
channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database
can exploit this to force the authentication level to downgrade,
allowing the attacker to impersonate an authenticated user and access
the SAM database.

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
You can plan for OS update to higher versions Windows 2016 or 2019

216 192.168.1.254 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 1832 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a
number of cryptographic design flaws. Modern implementations of TLS 1.0
mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are
designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2
and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30,
2018, except for POS POI terminals (and the SSL/TLS termination
points to which they connect) that can be verified as not being
susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.

217 192.168.1.254 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a
number of cryptographic design flaws. Modern implementations of TLS 1.0
mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are
designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2
and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30,
2018, except for POS POI terminals (and the SSL/TLS termination
points to which they connect) that can be verified as not being
susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.

218 192.168.1.254 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 5500 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a
number of cryptographic design flaws. Modern implementations of TLS 1.0
mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are
designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2
and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30,
2018, except for POS POI terminals (and the SSL/TLS termination
points to which they connect) that can be verified as not being
susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.

219 192.168.42.1 Microsoft Windows Server 2019 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5

The 'commonName' (CN) attribute of the SSL certificate presented for
this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

220 192.168.42.1 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can
occur in three different ways, in which the chain of trust can be
broken, as stated below:

- First, the top of the certificate chain sent by the
server might not be descended from a known public
certificate authority. This can occur either when the
top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are
missing that would connect the top of the certificate
chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate
that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the
certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature
that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer
using a signing algorithm that Nessus either does not
support or does not recognize.

If the remote host is a public host in production, any break in the
chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

221 192.168.42.1 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can
occur in three different ways, in which the chain of trust can be
broken, as stated below:

- First, the top of the certificate chain sent by the
server might not be descended from a known public
certificate authority. This can occur either when the
top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are
missing that would connect the top of the certificate
chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate
that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the
certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature
that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer
using a signing algorithm that Nessus either does not
support or does not recognize.

If the remote host is a public host in production, any break in the
chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

222 192.168.42.1 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

223 192.168.42.1 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

224 192.168.42.1 Microsoft Windows Server 2019 Standard SMB Signing not required 445 Medium Open 5

Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.

Enforce message signing in the host's configuration. On Windows, this
is found in the policy setting 'Microsoft network server: Digitally
sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.

225 192.168.42.1 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a
number of cryptographic design flaws. Modern implementations of TLS 1.0
mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are
designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2
and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30,
2018, except for POS POI terminals (and the SSL/TLS termination
points to which they connect) that can be verified as not being
susceptible to any known exploits.

Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.

226 192.168.42.1 Microsoft Windows Server 2019 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1

The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for
current and recommended
cipher suites. Ciphers that support encryption before MAC computation, and authenticated
encryption modes such as GCM
cannot be used with TLS 1.1

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer
function properly with major
web browsers and major vendors.

Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
We do not require TLS on Windows server.

227 192.168.42.8 Microsoft Windows Server 2019 Standard SMB Signing not required 445 Medium Open 5

Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.

Enforce message signing in the host's configuration. On Windows, this
is found in the policy setting 'Microsoft network server: Digitally
sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.

228 192.168.42.25 Microsoft Windows Server 2019 Standard SSL Certificate with Wrong Hostname 7070 Medium Open 5

The 'commonName' (CN) attribute of the SSL certificate presented for
this service is for a different machine.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

229 192.168.42.25 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 3389 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can
occur in three different ways, in which the chain of trust can be
broken, as stated below:

- First, the top of the certificate chain sent by the
server might not be descended from a known public
certificate authority. This can occur either when the
top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are
missing that would connect the top of the certificate
chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate
that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the
certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature
that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer
using a signing algorithm that Nessus either does not
support or does not recognize.

If the remote host is a public host in production, any break in the
chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

230 192.168.42.25 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 7070 Medium Open 6.4

The server's X.509 certificate cannot be trusted. This situation can
occur in three different ways, in which the chain of trust can be
broken, as stated below:

- First, the top of the certificate chain sent by the
server might not be descended from a known public
certificate authority. This can occur either when the
top of the chain is an unrecognized, self-signed
certificate, or when intermediate certificates are
missing that would connect the top of the certificate
chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate
that is not valid at the time of the scan. This can
occur either when the scan occurs before one of the
certificate's 'notBefore' dates, or after one of the
certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature
that either didn't match the certificate's information
or could not be verified. Bad signatures can be fixed by
getting the certificate with the bad signature to be
re-signed by its issuer. Signatures that could not be
verified are the result of the certificate's issuer
using a signing algorithm that Nessus either does not
support or does not recognize.

If the remote host is a public host in production, any break in the
chain makes it more difficult for users to verify the authenticity and

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

231 192.168.42.25 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 3389 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

232 192.168.42.25 Microsoft Windows Server 2019 Standard SSL Self-Signed Certificate 7070 Medium Open 6.4

The X.509 certificate chain for this service is not signed by a
recognized certificate authority. If the remote host is a public host
in production, this nullifies the use of SSL as anyone could establish
a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end
in a certificate that is not self-signed, but is signed by an
unrecognized certificate authority.

Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

233 192.168.42.25 Microsoft Windows Server 2019 Standard SMB Signing not required 445 Medium Open 5

Signing is not required on the remote SMB server. An unauthenticated,
remote attacker can exploit this to conduct man-in-the-middle attacks
against the SMB server.

Enforce message signing in the host's configuration. On Windows, this
is found in the policy setting 'Microsoft network server: Digitally
sign communications (always)'. On Samba, the setting is called 'server
signing'. See the 'see also' links for further details.
We do not require SMB on Windows server.

234 192.168.42.25 Microsoft Windows Server 2019 Standard TLS Version 1.0 Protocol Detection 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
We do not require TLS on Windows server.

235 192.168.42.25 Microsoft Windows Server 2019 Standard TLS Version 1.1 Protocol Deprecated 3389 Medium Open 6.1
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
We do not require TLS on Windows server.

236 192.168.42.101 Microsoft Windows Server 2019 Standard SSL Certificate Cannot Be Trusted 9090 Medium Open 6.4
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below:
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and
Purchase or generate a proper SSL certificate for this service.
We do not require SSL on Windows server.

237 192.168.1.196 Microsoft Windows Server 2019 Standard Terminal Services Encryption Level is not FIPS-140 Compliant 3389 Low Open 2.6
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Change RDP encryption level to:
4. FIPS Compliant
We do not require Terminal on Windows server.

238 192.168.1.196 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

239 192.168.1.197 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 443 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

240 192.168.1.197 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

241 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Chain Contains RSA Keys Less Than 2048 bits 1832 Low Open
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.
We do not require SSL on Windows server.

242 192.168.1.254 Microsoft Windows Server 2019 Standard SSL Certificate Chain Contains RSA Keys Less Than 2048 bits 5500 Low Open
At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits.
Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014.
Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.
Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.
We do not require SSL on Windows server.

243 192.168.1.254 Microsoft Windows Server 2019 Standard SSL/TLS EXPORT_DHE <= 512-bit Export Cipher Suites Supported (Logjam) 5500 Low Open CVE-2015-4000 2.6
The remote host supports EXPORT_DHE cipher suites with keys less than or equal to 512 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time.
A man-in-the-middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove support for weak cipher suites.
Reconfigure the service to remove support for EXPORT_DHE cipher suites.
We do not require SSL on Windows server.

244 192.168.1.254 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 5500 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

245 192.168.42.101 Microsoft Windows Server 2019 Standard SSH Server CBC Mode Ciphers Enabled 22 Low Open CVE-2008-5161 2.6
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
We do not require SSH on Windows server.

246 192.168.42.101 Microsoft Windows Server 2019 Standard SSH Weak Key Exchange Algorithms Enabled 22 Low Open 2.6
The remote SSH server is configured to allow key exchange algorithms which are considered weak.
This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) draft-ietf-curdle-ssh-kex-sha2-20. Section 4 lists guidance on key exchange algorithms that SHOULD NOT and MUST NOT be enabled. This includes:
diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
gss-gex-sha1-*
gss-group1-sha1-*
gss-group14-sha1-*
rsa1024-sha1
Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable the weak algorithms.
We do not require SSH on Windows server.

247 10.10.1.197 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

248 10.146.37.4 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

249 10.170.145.2 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

250 10.213.2.58 Microsoft Windows Server 2019 Standard SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 3389 Low Open CVE-2015-4000 2.6
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
We do not require SSL on Windows server.

Signer: GYANDEEP KHEMKA
Date: Monday, April 3, 2023 5:36 PM

251 10.213.2.60 Microsoft Windows Server 2019 Standard SSH Server CBC Mode Ciphers Enabled 22 Low Open CVE-2008-5161 2.6
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
We do not require SSH on Windows server.
