Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

PPTP detection and versioning

Information

Severity

Severity

Informational

Family

Family

Service detection

CVSSv2 Base

CVSSv2 Base

0.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:N

Created

Created

18 years ago

Modified

Modified

5 years ago

Summary

The remote host seems to be running a PPTP (VPN) service, this service allows remote users to connect to the internal network and play a trusted rule in it. This service should be protect with encrypted username & password combinations, and should be accessible only to trusted individuals. By default the service leaks out such information as Server version (PPTP version), Hostname and Vendor string this could help an attacker better prepare her next attack. Also note that PPTP is not configured as being cryptographically secure, and you should use another VPN method if you can

Solution

Solution

Restrict access to this port from untrusted networks. Make sure only encrypt channels are allowed through the PPTP (VPN) connection.