PPTP Detection And Versioning Network Vulnerability

Summary

The remote host seems to be running a PPTP (VPN) service, this service allows remote users to connect to the internal network and play a trusted rule in it. This service should be protect with encrypted username & password combinations, and should be accessible only to trusted individuals. By default the service leaks out such information as Server version (PPTP version), Hostname and Vendor string this could help an attacker better prepare her next attack. Also note that PPTP is not configured as being cryptographically secure, and you should use another VPN method if you can

Solution

Restrict access to this port from untrusted networks. Make sure only encrypt channels are allowed through the PPTP (VPN) connection.

References

http://www.counterpane.com/pptp-faq.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 0.0
AV:N/AC:L/Au:N/C:N/I:N/A:N

Related Vulnerabilities

ClamAV Version Detection (Linux)
Avant Browser Version Detection
AjaXplorer Detection
A CVS pserver is running
Adobe InDesign Version Detection

PPTP detection and versioning

Take action and discover your vulnerabilities