Secure mode limits TFTP requests to a specific directory. The TFTP daemon must operate in "secure mode" which provides access only to a single directory on the host file system. If TFTP runs with the setuid or setgid bit set, it may be able to write to any file or directory and may seriously impair system integrity, confidentiality, and availability. The TFTP daemon must have mode 0755 or less permissive. Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. The system must not use removable media as the boot loader. If the system's boot loader does not require authentication, users with console access to the system may be able to alter the system boot configuration or boot the system into single user or. The system boot loader must require authentication. Specific exceptions for local service administration should be documented in. If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. If an anonymous FTP account has been configured to use a functional shell, attackers could gain access to the shell if the account is compromised.Īdministrative accounts must not run a web browser, except as needed for local service administration.
This is.Īnonymous FTP accounts must not have a functional shell.
#MAC VENDOR LOOKUP 906CAC PASSWORD#
If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. Root passwords must never be passed over a network in clear text form. Findings (MAC III - Administrative Sensitive) Finding ID
0 kommentar(er)
