| Network Vulnerability Assessment Report |
| |
| Sorted by host names |
| |||||||||
|
| Service | Severity | Description |
| www (80/tcp) | Port is open | |
| telnet (23/tcp) | Port is open | |
| telnet (23/tcp) | The Telnet service is running. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the telnet client and the telnet server. This includes logins and passwords. Solution: If you are running a Unix-type system, OpenSSH can be used instead of telnet. For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf. For Unix systems which use xinetd, you will need to modify the telnet services file in the /etc/xinetd.d folder. After making any changes to xinetd or inetd configuration files, you must restart the service in order for the changes to take affect. In addition, many different router and switch manufacturers support SSH as a telnet replacement. You should contact your vendor for a solution which uses an encrypted session. Risk factor : Low CVE : CAN-1999-0619 | |
| www (80/tcp) | The following directories were discovered: /cgi-bin, /html While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Other references : OWASP:OWASP-CM-006 | |
| www (80/tcp) | The following CGI have been discovered : Syntax : cginame (arguments [default value]) /cgi-bin/webcm (getpage [../html/home.htm] errorpage [../html/index.html] login:command/username [admin] login:command/password [] var:errormsg [Error] ) Directory index found at /html/css/ Directory index found at /html/images/ | |
| www (80/tcp) | The remote web server type is : | |
| www (80/tcp) | A web server is running on this port | |
| telnet (23/tcp) | A telnet server seems to be running on this port | |
| general/udp | For your information, here is the traceroute to 10.0.0.30 : 10.0.0.59 10.0.0.30 | |
| telnet (23/tcp) | Remote telnet banner : BusyBox on mygateway login: |