|
| TC: | 11030 | |
| Description: | The remote host is running a PPTP VPN (Point-to-Point Tunneling Protocol) which allows remote users to connect to a private network. Server version (PPTP version), Host name and Vendor strings can be gathered by a malicious user. | |
| TC Impact: | Gather Info | |
| Service: | PPTP |
| Vulnerability Publication: | 01/01/1970 | |
| Advisory Copyright: | General Security Issue | |
| Summary: | Server version (PPTP version), Host name and Vendor strings can be gathered by a malicious user. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None | |
| CVSS 2.0 Base Score: | 0.0 |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | Access to a private network. | |
| Nature of Remediation: | Close the service. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Close the service if not used. Else restrict access to this port from untrusted networks. Make sure only ciphered connection are allowed. |
| References: | ||
| * MISC: Microsoft's PPTP Implementation http://www.schneier.com/pptp-faq.html |
| CVE Link: |
GENERIC-MAP-NOMATCH |
 |
|---|
| Glossary: |
RAS VPN |
|---|