'OpenVAS incorrectly flags Cheops NG as vulnerability
OpenVAS is reporting the following vulnerability.
NVT: Cheops NG without password (OID: 1.3.6.1.4.1.25623.1.0.20161)
I'm not running that so it is probably a false positive. I'm wondering what rule it's using to flag that. My guess is it's an open port as I have a few non-standard ports open on that endpoint. Any pointers as to where to look for the rule sets etc?
Solution 1:[1]
The VT in question is flagging a service if the following VT is detecting a Cheops NG Agent service (on the default port 2300 but also on all ports with "unknown" services) previously:
- Name: Cheops NG Agent Detection
- OID: 1.3.6.1.4.1.25623.1.0.20160
- Filename: cheopsNG_detect.nasl
As seen in the source code of that VT the detection of such an "unprotected" service happens if the service in question is responding to a probing request ("m2" variable) if all of the following constraints are matching for the response:
- The length of the received response needs to be >= 8
- The received response starts with "\0\0\0"
- There is an additional "\x01\x00\x00\x7f" somewhere in the received response
Disclaimer: VT Dev @ Greenbone
Solution 2:[2]
Port 3314 is the default port that Cheops NG listens on.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Wayne Gemmell |