Nessus Report
Nessus Scan Report
15/Oct/2014:23:00:16
Nessus Home: Commercial use of the report is prohibited
Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the Nessus Feed in order to be compliant with our license agreement: http://www.tenable.com/products/nessus
Table Of Contents
Hosts Summary (Executive)
  172.29.1.19
  172.29.1.62
Vulnerabilities By Host
  172.29.1.19
  172.29.1.62
Vulnerabilities By Plugin
  18405 (2) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
  57608 (2) - SMB Signing Required
  57690 (2) - Terminal Services Encryption Level is Medium or Low
  58453 (2) - Terminal Services Doesn't Use Network Level Authentication (NLA)
  51192 (1) - SSL Certificate Cannot Be Trusted
  57582 (1) - SSL Self-Signed Certificate
  30218 (2) - Terminal Services Encryption Level is not FIPS-140 Compliant
  11219 (7) - Nessus SYN scanner
  11011 (3) - Microsoft Windows SMB Service Detection
  10107 (2) - HTTP Server Type and Version
  10114 (2) - ICMP Timestamp Request Remote Date Disclosure
  10287 (2) - Traceroute Information
  10394 (2) - Microsoft Windows SMB Log In Possible
  10785 (2) - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
  11936 (2) - OS Identification
  19506 (2) - Nessus Scan Information
  22964 (2) - Service Detection
  24260 (2) - HyperText Transfer Protocol (HTTP) Information
  24786 (2) - Nessus Windows Scan Not Performed with Admin Privileges
  25220 (2) - TCP/IP Timestamps Supported
  26917 (2) - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
  42410 (2) - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
  43111 (2) - HTTP Methods Allowed (per directory)
  45590 (2) - Common Platform Enumeration (CPE)
  54615 (2) - Device Type
  66334 (2) - Patch Report
  10863 (1) - SSL Certificate Information
  10940 (1) - Windows Terminal Services Enabled
  45410 (1) - SSL Certificate commonName Mismatch
  56984 (1) - SSL / TLS Versions Supported
  64814 (1) - Terminal Services Use SSL/TLS
  66173 (1) - RDP Screenshot
Hosts Summary (Executive)
172.29.1.19
Summary
Critical High Medium Low Info Total
0 0 4 1 19 24
Details
Severity Plugin Id Name
Medium (5.1) 18405 Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Medium (5.0) 57608 SMB Signing Required
Medium (4.3) 57690 Terminal Services Encryption Level is Medium or Low
Medium (4.3) 58453 Terminal Services Doesn't Use Network Level Authentication (NLA)
Low (2.6) 30218 Terminal Services Encryption Level is not FIPS-140 Compliant
Info 10107 HTTP Server Type and Version
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10287 Traceroute Information
Info 10394 Microsoft Windows SMB Log In Possible
Info 10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Info 11011 Microsoft Windows SMB Service Detection
Info 11219 Nessus SYN scanner
Info 11936 OS Identification
Info 19506 Nessus Scan Information
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 24786 Nessus Windows Scan Not Performed with Admin Privileges
Info 25220 TCP/IP Timestamps Supported
Info 26917 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Info 42410 Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Info 43111 HTTP Methods Allowed (per directory)
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 66334 Patch Report
172.29.1.62
Summary
Critical High Medium Low Info Total
0 0 6 1 25 32
Details
Severity Plugin Id Name
Medium (6.4) 51192 SSL Certificate Cannot Be Trusted
Medium (6.4) 57582 SSL Self-Signed Certificate
Medium (5.1) 18405 Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Medium (5.0) 57608 SMB Signing Required
Medium (4.3) 57690 Terminal Services Encryption Level is Medium or Low
Medium (4.3) 58453 Terminal Services Doesn't Use Network Level Authentication (NLA)
Low (2.6) 30218 Terminal Services Encryption Level is not FIPS-140 Compliant
Info 10107 HTTP Server Type and Version
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10287 Traceroute Information
Info 10394 Microsoft Windows SMB Log In Possible
Info 10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Info 10863 SSL Certificate Information
Info 10940 Windows Terminal Services Enabled
Info 11011 Microsoft Windows SMB Service Detection
Info 11219 Nessus SYN scanner
Info 11936 OS Identification
Info 19506 Nessus Scan Information
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 24786 Nessus Windows Scan Not Performed with Admin Privileges
Info 25220 TCP/IP Timestamps Supported
Info 26917 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Info 42410 Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Info 43111 HTTP Methods Allowed (per directory)
Info 45410 SSL Certificate commonName Mismatch
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 56984 SSL / TLS Versions Supported
Info 64814 Terminal Services Use SSL/TLS
Info 66173 RDP Screenshot
Info 66334 Patch Report
Vulnerabilities By Host
172.29.1.19
Scan Information
Start time: Wed Oct 15 23:00:17 2014
End time: Wed Oct 15 23:04:32 2014
Host Information
Netbios Name: PEHERACOSQ
IP: 172.29.1.19
OS: Microsoft Windows Server 2008 R2
Results Summary
Critical High Medium Low Info Total
0 0 4 1 23 28
Results Details
0/icmp
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Ports
icmp/0
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 172 seconds.
0/tcp
24786 - Nessus Windows Scan Not Performed with Admin Privileges
Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.
Description
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied.
If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to perform a patch audit through the registry which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).
Solution
Reconfigure your scanner to use credentials with administrative privileges.
Risk Factor
None
Plugin Information:
Publication date: 2007/03/12, Modification date: 2013/01/07
Ports
tcp/0
It was not possible to connect to '\\PEHERACOSQ\ADMIN$' with the supplied credentials.
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Ports
tcp/0
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2014/02/19
Ports
tcp/0
Remote operating system : Microsoft Windows Server 2008 R2
Confidence Level : 75
Method : HTTP
The remote host is running Microsoft Windows Server 2008 R2
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Ports
tcp/0
Remote device type : general-purpose
Confidence level : 75
45590 - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/09/19
Ports
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2014/09/09
Ports
tcp/0
. You need to take the following action:
[ Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness (18405) ]
+ Action to take:
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
19506 - Nessus Scan Information
Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of scanner (Nessus or Nessus Home)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2014/07/29
Ports
tcp/0
Information about this scan :
Nessus version : 5.2.7
Plugin feed version : 201410070915
Scanner edition used : Nessus Home
Scan policy used : full_interna
Scanner IP : 10.240.5.21
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2014/10/15 23:00 SA Pacific Standard Time
Scan duration : 251 sec
0/udp
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Ports
udp/0
For your information, here is the traceroute from 10.240.5.21 to 172.29.1.19 :
10.240.5.21
10.240.5.1
172.29.1.19
80/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/80
Port 80/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/07/24
Ports
tcp/80
A web server is running on this port.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Ports
tcp/80
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2014/08/01
Ports
tcp/80
The remote web server type is :
Microsoft-IIS/7.5
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Ports
tcp/80
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
Server: Microsoft-IIS/7.5
Date: Thu, 16 Oct 2014 03:58:09 GMT
Content-Length: 0
139/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/139
Port 139/tcp was found to be open
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2012/01/31
Ports
tcp/139
An SMB server is running on this port.
445/tcp
57608 - SMB Signing Required
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. This can allow man-in-the-middle attacks against the SMB server.
See Also
http://support.microsoft.com/kb/887429
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Publication date: 2012/01/19, Modification date: 2014/08/05
Ports
tcp/445
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/445
Port 445/tcp was found to be open
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2012/01/31
Ports
tcp/445
A CIFS server is running on this port.
42410 - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
Description
The remote host listens on tcp port 445 and replies to SMB requests.
By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/11/06, Modification date: 2011/03/27
Ports
tcp/445
The following 2 NetBIOS names have been gathered :
PEHERACOSQ = Computer name
PERU = Workgroup / Domain name
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It is possible to obtain information about the remote operating system.
Description
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2014/04/09
Ports
tcp/445
The remote Operating System is : Windows Server 2008 R2 Enterprise 7601 Service Pack 1
The remote native lan manager is : Windows Server 2008 R2 Enterprise 6.1
The remote SMB Domain Name is : PERU
10394 - Microsoft Windows SMB Log In Possible
Synopsis
It is possible to log into the remote host.
Description
The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Given Credentials
See Also
http://support.microsoft.com/kb/143474
http://support.microsoft.com/kb/246261
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2014/10/06
Ports
tcp/445
- NULL sessions are enabled on the remote host
26917 - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Nessus is not able to access the remote Windows Registry.
Description
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/10/04, Modification date: 2011/03/27
Ports
tcp/445
Could not connect to the registry because:
Could not connect to \winreg
3389/tcp
58453 - Terminal Services Doesn't Use Network Level Authentication (NLA)
Synopsis
The remote Terminal Services doesn't use Network Level Authentication.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA). NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
http://technet.microsoft.com/en-us/library/cc732713.aspx
http://www.nessus.org/u?e2628096
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/03/23, Modification date: 2013/08/05
Ports
tcp/3389
57690 - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/01/25, Modification date: 2014/01/07
Ports
tcp/3389
The terminal services encryption level is set to :
2. Medium
18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.
This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?e2628096
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
References
BID 13818
CVE CVE-2005-1794
XREF OSVDB:17131
Plugin Information:
Publication date: 2005/06/01, Modification date: 2014/03/04
Ports
tcp/3389
30218 - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :
4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2008/02/11, Modification date: 2014/01/07
Ports
tcp/3389
The terminal services encryption level is set to :
2. Medium (Client Compatible)
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3389
Port 3389/tcp was found to be open
172.29.1.62
Scan Information
Start time: Wed Oct 15 23:00:17 2014
End time: Wed Oct 15 23:04:47 2014
Host Information
Netbios Name: PEHERACOSQ
IP: 172.29.1.62
OS: Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
Results Summary
Critical High Medium Low Info Total
0 0 6 1 27 34
Results Details
0/icmp
10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Ports
icmp/0
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 141 seconds.
0/tcp
24786 - Nessus Windows Scan Not Performed with Admin Privileges
Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.
Description
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied.
If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to perform a patch audit through the registry which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).
Solution
Reconfigure your scanner to use credentials with administrative privileges.
Risk Factor
None
Plugin Information:
Publication date: 2007/03/12, Modification date: 2013/01/07
Ports
tcp/0
It was not possible to connect to '\\PEHERACOSQ\ADMIN$' with the supplied credentials.
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Ports
tcp/0
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2014/02/19
Ports
tcp/0
Remote operating system : Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
Confidence Level : 99
Method : MSRPC
The remote host is running Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Ports
tcp/0
Remote device type : general-purpose
Confidence level : 99
45590 - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/09/19
Ports
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2008:r2:sp1:enterprise
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2014/09/09
Ports
tcp/0
. You need to take the following action:
[ Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness (18405) ]
+ Action to take: - Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
19506 - Nessus Scan Information
Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of scanner (Nessus or Nessus Home)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2014/07/29
Ports
tcp/0
Information about this scan :
Nessus version : 5.2.7
Plugin feed version : 201410070915
Scanner edition used : Nessus Home
Scan policy used : full_interna
Scanner IP : 10.240.5.21
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2014/10/15 23:00 SA Pacific Standard Time
Scan duration : 266 sec
0/udp
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Ports
udp/0
For your information, here is the traceroute from 10.240.5.21 to 172.29.1.62 :
10.240.5.21
10.240.5.1
172.29.1.62
80/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/80
Port 80/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/07/24
Ports
tcp/80
A web server is running on this port.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Ports
tcp/80
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2014/08/01
Ports
tcp/80
The remote web server type is :
Microsoft-IIS/7.5
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Ports
tcp/80
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
Server: Microsoft-IIS/7.5
Date: Thu, 16 Oct 2014 03:58:29 GMT
Content-Length: 0
445/tcp
57608 - SMB Signing Required
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. This can allow man-in-the-middle attacks against the SMB server.
See Also
http://support.microsoft.com/kb/887429
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Publication date: 2012/01/19, Modification date: 2014/08/05
Ports
tcp/445
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/445
Port 445/tcp was found to be open
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2012/01/31
Ports
tcp/445
A CIFS server is running on this port.
42410 - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
Description
The remote host listens on tcp port 445 and replies to SMB requests.
By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/11/06, Modification date: 2011/03/27
Ports
tcp/445
The following 2 NetBIOS names have been gathered :
PEHERACOSQ = Computer name
PERU = Workgroup / Domain name
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It is possible to obtain information about the remote operating system.
Description
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2014/04/09
Ports
tcp/445
The remote Operating System is : Windows Server 2008 R2 Enterprise 7601 Service Pack 1
The remote native lan manager is : Windows Server 2008 R2 Enterprise 6.1
The remote SMB Domain Name is : PERU
10394 - Microsoft Windows SMB Log In Possible
Synopsis
It is possible to log into the remote host.
Description
The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Given Credentials
See Also
http://support.microsoft.com/kb/143474
http://support.microsoft.com/kb/246261
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2014/10/06
Ports
tcp/445
- NULL sessions are enabled on the remote host
26917 - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Nessus is not able to access the remote Windows Registry.
Description
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/10/04, Modification date: 2011/03/27
Ports
tcp/445
Could not connect to the registry because:
Could not connect to IPC$
3389/tcp
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.
First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2010/12/15, Modification date: 2014/02/27
Ports
tcp/3389
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority :
|-Subject : CN=PEHERACOSQ.PERU.FSM.CORP
|-Issuer : CN=PEHERACOSQ.PERU.FSM.CORP
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25
Ports
tcp/3389
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :
|-Subject : CN=PEHERACOSQ.PERU.FSM.CORP
58453 - Terminal Services Doesn't Use Network Level Authentication (NLA)
Synopsis
The remote Terminal Services doesn't use Network Level Authentication.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA). NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
http://technet.microsoft.com/en-us/library/cc732713.aspx
http://www.nessus.org/u?e2628096
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/03/23, Modification date: 2013/08/05
Ports
tcp/3389
57690 - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/01/25, Modification date: 2014/01/07
Ports
tcp/3389
The terminal services encryption level is set to :
2. Medium
18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.
This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?e2628096
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
References
BID 13818
CVE CVE-2005-1794
XREF OSVDB:17131
Plugin Information:
Publication date: 2005/06/01, Modification date: 2014/03/04
Ports
tcp/3389
30218 - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :
4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2008/02/11, Modification date: 2014/01/07
Ports
tcp/3389
The terminal services encryption level is set to :
2. Medium (Client Compatible)
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3389
Port 3389/tcp was found to be open
10940 - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Publication date: 2002/04/20, Modification date: 2014/06/06
Ports
tcp/3389
66173 - RDP Screenshot
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a screenshot of the login screen.
While this is not a vulnerability by itself, some versions of Windows display the names of the users who can connect and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/04/22, Modification date: 2014/01/07
Ports
tcp/3389
It was possible to gather the following screenshot of the remote login screen.
64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/02/22, Modification date: 2013/08/28
Ports
tcp/3389
Subject Name:
Common Name: PEHERACOSQ.PERU.FSM.CORP
Issuer Name:
Common Name: PEHERACOSQ.PERU.FSM.CORP
Serial Number: 52 33 A3 A9 BD 58 B5 A0 42 D2 EA 6C 80 78 16 EC
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Jul 18 17:48:29 2014 GMT
Not Valid After: Jan 17 17:48:29 2015 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This script detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/12/01, Modification date: 2014/04/14
Ports
tcp/3389
This port supports TLSv1.0.
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2008/05/19, Modification date: 2012/04/02
Ports
tcp/3389
Subject Name:
Common Name: PEHERACOSQ.PERU.FSM.CORP
Issuer Name:
Common Name: PEHERACOSQ.PERU.FSM.CORP
Serial Number: 52 33 A3 A9 BD 58 B5 A0 42 D2 EA 6C 80 78 16 EC
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Jul 18 17:48:29 2014 GMT
Not Valid After: Jan 17 17:48:29 2015 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
45410 - SSL Certificate commonName Mismatch
Synopsis
The SSL certificate commonName does not match the host name.
Description
This service presents an SSL certificate for which the 'commonName' (CN) does not match the host name on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS host name that matches the common name in the certificate.
Risk Factor
None
Plugin Information:
Publication date: 2010/04/03, Modification date: 2012/09/30
Ports
tcp/3389
The host name known by Nessus is :
peheracosq
The Common Name in the certificate is :
peheracosq.peru.fsm.corp
Vulnerabilities By Plugin
18405 (2) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information transmitted, including authentication credentials.
This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?e2628096
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution
- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication' setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
References
BID 13818
CVE CVE-2005-1794
XREF OSVDB:17131
Plugin Information:
Publication date: 2005/06/01, Modification date: 2014/03/04
Hosts
172.29.1.19 (tcp/3389)
172.29.1.62 (tcp/3389)
57608 (2) - SMB Signing Required
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. This can allow man-in-the-middle attacks against the SMB server.
See Also
http://support.microsoft.com/kb/887429
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Publication date: 2012/01/19, Modification date: 2014/08/05
Hosts
172.29.1.19 (tcp/445)
172.29.1.62 (tcp/445)
57690 (2) - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/01/25, Modification date: 2014/01/07
Hosts
172.29.1.19 (tcp/3389)
The terminal services encryption level is set to :
2. Medium
172.29.1.62 (tcp/3389)
The terminal services encryption level is set to :
2. Medium
58453 (2) - Terminal Services Doesn't Use Network Level Authentication (NLA)
Synopsis
The remote Terminal Services doesn't use Network Level Authentication.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA). NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
http://technet.microsoft.com/en-us/library/cc732713.aspx
http://www.nessus.org/u?e2628096
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/03/23, Modification date: 2013/08/05
Hosts
172.29.1.19 (tcp/3389)
172.29.1.62 (tcp/3389)
51192 (1) - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.
First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
Third, the certificate chain may contain a signature that either didn't match the certificate's information, or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2010/12/15, Modification date: 2014/02/27
Hosts
172.29.1.62 (tcp/3389)
The following certificate was at the top of the certificate chain sent by the remote host, but is signed by an unknown certificate authority :
|-Subject : CN=PEHERACOSQ.PERU.FSM.CORP
|-Issuer : CN=PEHERACOSQ.PERU.FSM.CORP
57582 (1) - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Publication date: 2012/01/17, Modification date: 2012/10/25
Hosts
172.29.1.62 (tcp/3389)
The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities :
|-Subject : CN=PEHERACOSQ.PERU.FSM.CORP
30218 (2) - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :
4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2008/02/11, Modification date: 2014/01/07
Hosts
172.29.1.19 (tcp/3389)
The terminal services encryption level is set to :
2. Medium (Client Compatible)
172.29.1.62 (tcp/3389)
The terminal services encryption level is set to :
2. Medium (Client Compatible)
11219 (7) - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Hosts
172.29.1.19 (tcp/80)
Port 80/tcp was found to be open
172.29.1.19 (tcp/139)
Port 139/tcp was found to be open
172.29.1.19 (tcp/445)
Port 445/tcp was found to be open
172.29.1.19 (tcp/3389)
Port 3389/tcp was found to be open
172.29.1.62 (tcp/80)
Port 80/tcp was found to be open
172.29.1.62 (tcp/445)
Port 445/tcp was found to be open
172.29.1.62 (tcp/3389)
Port 3389/tcp was found to be open
11011 (3) - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2012/01/31
Hosts
172.29.1.19 (tcp/139)
An SMB server is running on this port.
172.29.1.19 (tcp/445)
A CIFS server is running on this port.
172.29.1.62 (tcp/445)
A CIFS server is running on this port.
10107 (2) - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/01/04, Modification date: 2014/08/01
Hosts
172.29.1.19 (tcp/80)
The remote web server type is :
Microsoft-IIS/7.5
172.29.1.62 (tcp/80)
The remote web server type is :
Microsoft-IIS/7.5
10114 (2) - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Hosts
172.29.1.19 (icmp/0)
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 172 seconds.
172.29.1.62 (icmp/0)
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 141 seconds.
10287 (2) - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Hosts
172.29.1.19 (udp/0)
For your information, here is the traceroute from 10.240.5.21 to 172.29.1.19 :
10.240.5.21
10.240.5.1
172.29.1.19
172.29.1.62 (udp/0)
For your information, here is the traceroute from 10.240.5.21 to 172.29.1.62 :
10.240.5.21
10.240.5.1
172.29.1.62
10394 (2) - Microsoft Windows SMB Log In Possible
Synopsis
It is possible to log into the remote host.
Description
The remote host is running Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Given Credentials
See Also
http://support.microsoft.com/kb/143474
http://support.microsoft.com/kb/246261
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2014/10/06
Hosts
172.29.1.19 (tcp/445)
- NULL sessions are enabled on the remote host
172.29.1.62 (tcp/445)
- NULL sessions are enabled on the remote host
10785 (2) - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It is possible to obtain information about the remote operating system.
Description
It is possible to get the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2014/04/09
Hosts
172.29.1.19 (tcp/445)
The remote Operating System is : Windows Server 2008 R2 Enterprise 7601 Service Pack 1
The remote native lan manager is : Windows Server 2008 R2 Enterprise 6.1
The remote SMB Domain Name is : PERU
172.29.1.62 (tcp/445)
The remote Operating System is : Windows Server 2008 R2 Enterprise 7601 Service Pack 1
The remote native lan manager is : Windows Server 2008 R2 Enterprise 6.1
The remote SMB Domain Name is : PERU
11936 (2) - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2014/02/19
Hosts
172.29.1.19 (tcp/0)
Remote operating system : Microsoft Windows Server 2008 R2
Confidence Level : 75
Method : HTTP
The remote host is running Microsoft Windows Server 2008 R2
172.29.1.62 (tcp/0)
Remote operating system : Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
Confidence Level : 99
Method : MSRPC
The remote host is running Microsoft Windows Server 2008 R2 Enterprise Service Pack 1
19506 (2) - Nessus Scan Information
Synopsis
Information about the Nessus scan.
Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of scanner (Nessus or Nessus Home)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2014/07/29
Hosts
172.29.1.19 (tcp/0)
Information about this scan :
Nessus version : 5.2.7
Plugin feed version : 201410070915
Scanner edition used : Nessus Home
Scan policy used : full_interna
Scanner IP : 10.240.5.21
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2014/10/15 23:00 SA Pacific Standard Time
Scan duration : 251 sec
172.29.1.62 (tcp/0)
Information about this scan :
Nessus version : 5.2.7
Plugin feed version : 201410070915
Scanner edition used : Nessus Home
Scan policy used : full_interna
Scanner IP : 10.240.5.21
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2014/10/15 23:00 SA Pacific Standard Time
Scan duration : 266 sec
22964 (2) - Service Detection
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2014/07/24
Hosts
172.29.1.19 (tcp/80)
A web server is running on this port.
172.29.1.62 (tcp/80)
A web server is running on this port.
24260 (2) - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31
Hosts
172.29.1.19 (tcp/80)
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
  Server: Microsoft-IIS/7.5
  Date: Thu, 16 Oct 2014 03:58:09 GMT
  Content-Length: 0
172.29.1.62 (tcp/80)
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
  Server: Microsoft-IIS/7.5
  Date: Thu, 16 Oct 2014 03:58:29 GMT
  Content-Length: 0
24786 (2) - Nessus Windows Scan Not Performed with Admin Privileges
Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.
Description
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied.
If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to perform a patch audit through the registry which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).
Solution
Reconfigure your scanner to use credentials with administrative privileges.
Risk Factor
None
Plugin Information:
Publication date: 2007/03/12, Modification date: 2013/01/07
Hosts
172.29.1.19 (tcp/0)
It was not possible to connect to '\\PEHERACOSQ\ADMIN$' with the supplied credentials.
172.29.1.62 (tcp/0)
It was not possible to connect to '\\PEHERACOSQ\ADMIN$' with the supplied credentials.
25220 (2) - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Hosts
172.29.1.19 (tcp/0)
172.29.1.62 (tcp/0)
26917 (2) - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Nessus is not able to access the remote Windows Registry.
Description
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/10/04, Modification date: 2011/03/27
Hosts
172.29.1.19 (tcp/445)
Could not connect to the registry because:
Could not connect to \winreg
172.29.1.62 (tcp/445)
Could not connect to the registry because:
Could not connect to IPC$
42410 (2) - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
Description
The remote host listens on tcp port 445 and replies to SMB requests.
By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/11/06, Modification date: 2011/03/27
Hosts
172.29.1.19 (tcp/445)
The following 2 NetBIOS names have been gathered :
PEHERACOSQ = Computer name
PERU = Workgroup / Domain name
172.29.1.62 (tcp/445)
The following 2 NetBIOS names have been gathered :
PEHERACOSQ = Computer name
PERU = Workgroup / Domain name
43111 (2) - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09
Hosts
172.29.1.19 (tcp/80)
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
172.29.1.62 (tcp/80)
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
45590 (2) - Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/09/19
Hosts
172.29.1.19 (tcp/0)
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2008:r2 -> Microsoft Windows Server 2008 R2
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5
172.29.1.62 (tcp/0)
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2008:r2:sp1:enterprise
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.5 -> Microsoft Internet Information Services (IIS) 7.5
54615 (2) - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Hosts
172.29.1.19 (tcp/0)
Remote device type : general-purpose
Confidence level : 75
172.29.1.62 (tcp/0)
Remote device type : general-purpose
Confidence level : 99
66334 (2) - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2014/09/09
Hosts
172.29.1.19 (tcp/0)
. You need to take the following action:[ Microsoft Windows Remote Desktop Protocol Server Man-in-the-