Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
X Display Manager Control Protocol (XDMCP) Detection
Information
Severity
Severity
Informational
Family
Family
Service detection
CVSSv2 Base
CVSSv2 Base
0.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:N/I:N/A:N
Created
Created
18 years ago
Modified
Modified
5 years ago
Summary
The XDMCP service is running on the remote host.
Insight
Insight
The login and password for XDMCP is transmitted in plaintext. This makes the system vulnerable to Man-in-the-middle attacks, making it easy for an attacker to steal the credentials of a legitimate user by impersonating the XDMCP server. In addition to this, since XDMCP is not a ciphered protocol, an attacker has an easier time capturing the keystrokes entered by the user.
Solution
Solution
XDMCP should either be disabled or limited in the machines which may access the service.