Ensure XDMCP is not enabledID: oval:org.secpod.oval:def:96545 | Date: (C)2024-01-09 (M)2024-01-09 |
Class: COMPLIANCE | Family: unix |
X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a user 2. XDMCP is vulnerable to man-in-the-middle attacks. This may allow an attacker to steal the credentials of legitimate users by impersonating the XDMCP server.