When I scan a server now (Microsoft Server running Nessus 3.2.1.347 and plugins downloaded today, I received a error in total "Medium" rated vulnerabilities.
The count at the top of the report will reflect the following as a "Medium" vulnerability when it is marked as "Risk Factor: None" I agree it is a known risk and we are moving to a more secure application for remote management. But why count and yellow flag if it has been downgraded and if not downgraded why not mark it as "Risk Factor: Medium"? Thanks Check for VNC HTTP Synopsis : The remote host is running a remote display software (VNC). Description : The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another. See also : http://en.wikipedia.org/wiki/Vnc <http://en.wikipedia.org/wiki/Vnc> Solution : Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port. Risk factor : None Nessus ID : 10758 <http://www.nessus.org/plugins/index.php?view=single&id=10758> Robert A. "Bob" Schommer Audit & Security Officer Bway Corporation Desk 770-645-4882 Cell 404-769-1966 [EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
