X Display Manager Control Protocol (XDMCP) Network Vulnerability

Summary

The remote host is running XDMCP. This protocol is used to provide X display connections for X terminals. XDMCP is completely insecure, since the traffic and passwords are not encrypted. An attacker may use this flaw to capture all the keystrokes of the users using this host through their X terminal, including passwords. Also XDMCP is an additional login mechanism that you may not have been aware was enabled, or may not be monitoring failed logins on.

Solution

Disable XDMCP

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Check for a Citrix server
Check RPC rstatd Service Running
Check for rsh Service
X Display Manager Control Protocol (XDMCP)
Check for echo Service

Take action and discover your vulnerabilities