XDMCP service running

Description
  • An X Display Manager Control Protocol (XDMCP) service is running on this host. XDMCP allows the starting of a session on an X server from the same or another computer. A display manager presents the user with a login screen which prompts for a username and password. A session starts when the user successfully enters a valid combination of username and password. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely. Also, all information, including passwords, is transmitted unencrypted (making it vulnerable to interception).
Remediation
  • If you are not using this service, it is recommended to disable it.
References