[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90055-5

Platform: macosx10.9Date: (C)2015-06-11   (M)2022-10-10



Cryptography to protect the integrity of remote access sessions The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Disabling telnet is one way to mitigate this risk. Authorized users should be instructed to use an alternate service that implements cryptography for remote access sessions, such as SSH.


Parameter:

enabled/disabled


Technical Mechanism:

The service 'telnet' should be disabled, to check the status of the service, run the following command: sudo /usr/libexec/PlistBuddy -c 'print com.apple.telnetd:Disabled' /var/db/launchd.db/com.apple.launchd/overrides.plist If the returned value isn't 'true' or doesn't exist, this is a finding.

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
NISTAC-17 (2)
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:24682
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:24682


OVAL    1
oval:org.secpod.oval:def:24682

© SecPod Technologies