Network UPS Tools Cleartext Authentication

2012-06-22T00:00:00
ID NUT_PLAINTEXT_AUTHENTICATION.NASL
Type nessus
Reporter Tenable
Modified 2018-11-15T00:00:00

Description

The remote Network UPS Tools (NUT) server does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept the credentials, and alter the settings on the UPS that the server manages.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block. It runs only when `description` is set, records
# the plugin's metadata, and ends with exit(0), so none of the check logic
# further down the file executes in this mode.
if (description)
{
  # Plugin identity and revision information.
  script_id(59659);
  script_version("1.5");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_name(english:"Network UPS Tools Cleartext Authentication");
  script_summary(english:"Checks if the server supports encrypted authentication.");

  # Text shown to the operator in the scan report.
  script_set_attribute(attribute:"synopsis", value:
"The UPS monitoring tool on the remote host does not support encrypted
authentication.");
  script_set_attribute(attribute:"description", value:
"The remote Network UPS Tools does not support exchanging credentials
through an encrypted channel. An unauthenticated, remote attacker can
exploit this to perform a man-in-the-middle attack, intercept
credentials, and alter the settings on the UPS that the server
manages.");
  # Presumably the target of the shortened link on the next line:
  # https://networkupstools.org/docs/developer-guide.chunked/ar01s09.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a501865");
  script_set_attribute(attribute:"see_also", value:"https://networkupstools.org/docs/user-manual.chunked/ar01s09.html");
  # NOTE(review): CERTFILE makes StartTLS available on the server; it does not
  # by itself stop a client from logging in without it. NUT clients such as
  # upsmon have their own settings for requiring TLS and verifying the server
  # certificate (FORCESSL, CERTVERIFY) - confirm against the NUT documentation
  # for the deployed version before treating this finding as closed.
  script_set_attribute(attribute:"solution", value:
"Enable StartTLS support on the server using the 'CERTFILE' directive.");
  # CVSS v2 base vector: network-reachable, medium access complexity, no
  # authentication required, partial impact on confidentiality, integrity
  # and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/22");

  # "remote": the plugin is registered as a check made over the network.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:networkupstools:nut");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # nut_starttls.nasl is declared as a prerequisite; it presumably writes the
  # "nut/<port>/starttls" knowledge-base flag that the check below reads.
  script_dependencies("nut_starttls.nasl");
  # Run only where a NUT service was identified or port 3493 is in scope.
  script_require_ports("Services/nut", 3493);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

# Resolve the port on which a NUT service was identified. With
# exit_on_fail:TRUE the plugin stops here when no such service is known.
port = get_service(svc:"nut", exit_on_fail:TRUE);

# The StartTLS flag is read from the knowledge base, not probed here; it is
# presumably written by the nut_starttls.nasl dependency.
# NOTE(review): a missing flag is treated as "no StartTLS". If the dependency
# could not complete its probe the outcome looks the same, so confirm a
# finding against the server configuration before acting on it.
starttls_key = "nut/" + port + "/starttls";
starttls_flag = get_kb_item(starttls_key);
if (starttls_flag)
{
  exit(0, "The Network UPS Tools server running on port " + port + " supports StartTLS.");
}

# No StartTLS flag: record the port under the PCI cleartext-credentials KB key.
# The report text is stored in the KB only; security_warning() below is called
# with the port alone, so the finding carries no extra per-host text.
cleartext_key = "PCI/ClearTextCreds/" + port;
report = "The Network UPS Tools server on port " + port + " does not support encrypted logins.";
set_kb_item(name:cleartext_key, value:report);

security_warning(port);