Author Topic: vMCD "Unencrypted telnet server" vulnerability"  (Read 2702 times)

Offline lrjones198

  • Jr. Member
  • **
  • Posts: 54
  • Country: us
  • Karma: +0/-0
    • View Profile
vMCD "Unencrypted telnet server" vulnerability"
« on: February 04, 2016, 02:24:54 PM »
We had an audit and the above was found. Does anyone know how I can either encrypt the connection, or disable telnet and those telnet features could use SSH instead?

This vulnerability shows up on of course port 23 but also 2001 and 15374.
Any help is appreciated.


Offline bluewhite4

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1041
  • Country: us
  • Karma: +20/-0
    • View Profile
Re: vMCD "Unencrypted telnet server" vulnerability"
« Reply #1 on: February 04, 2016, 05:31:54 PM »
The simple answer is no. The 3300/MCD is not capable of ssh.

Offline lrjones198

  • Jr. Member
  • **
  • Posts: 54
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: vMCD "Unencrypted telnet server" vulnerability"
« Reply #2 on: February 04, 2016, 05:43:18 PM »
Is there a way to encrypt the telnet connection? I mean vxworks commands you can encrypt telnet for the 3300 but I am unable to find a technicians handbook for vMCD. Would anyone have access to a tech handbook for a vMCD?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4099
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: vMCD "Unencrypted telnet server" vulnerability"
« Reply #3 on: February 04, 2016, 09:55:37 PM »
Even if they can be, these things should not be changed... and they should also not be a security concern since they should be opened in your firewall to the outside world.

Every unencrypted connection is not a security risk, this is not an information or file server, and these ports and connections are of very little consequence if your network is properly secured and you didn't do something foolish like put the MCD in the DMZ or something. Your security audit does not comprehend what these are and what they are for, just that they show up on a scan as "encrypted" and a potential threat, which they are not.


 

Sitemap 1 2 3 4 5 6 7 8 9 10