ScanAlert - Report - Thane
Security Report - By Device
Fitness Quest, Inc.
30-MAR-2007 05:44
Confidential Information
The following report contains confidential information. Do not distribute, email, fax or transfer via any electronic mechanism unless it has been approved by your organization's security policy. All copies and backups of this document should be maintained on protected storage at all times. Do not share any of the information contained within this report with anyone unless you confirm they are authorized to view the information.
Disclaimer
This, or any other, vulnerability audit cannot and does not guarantee security. ScanAlert makes no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein. By using this information you agree that ScanAlert shall be held harmless in any event. ScanAlert makes this information available solely under its Terms of Service Agreement published at www.scanalert.com.
Executive Summary
This report was generated by the SDP compliant scanning vendor ScanAlert, under certificate number 3709-01-01 in the framework of the PCI data security initiative and took into consideration security requirements as expressed in the MasterCard SDP Security Standard.
As a "Qualified Independent Scan Vendor" ScanAlert is accredited by Visa, MasterCard, American Express, Discover Card and JCB to perform network security audits conforming to the Payment Card Industry (PCI) Data Security Standards.
To earn validation of PCI compliance, network devices being audited must pass tests that probe all of the known methods hackers use to access private information, in addition to vulnerabilities that would allow malicious software (i.e. viruses and worms) to gain access to or disrupt the network devices being tested.
NOTE: In order to demonstrate compliance with the PCI Data Security Standard a vulnerability scan must have been completed within the past 90 days with no vulnerabilities listed as URGENT, CRITICAL or HIGH (numerical severity ranking of 3 or higher) present on any device within this report. Additionally, Visa and MasterCard regulations require that you configure your scanning to include all IP addresses, domain names, DNS servers, load balancers, firewalls or external routers used by, or assigned to, your company, and that you configure any IDS/IPS to not block access from the originating IP addresses of our scan servers.
ScanAlert's Certification of Regulatory Compliance
HACKER SAFE sites are tested and certified daily by ScanAlert to meet all U.S. Government requirements for remote vulnerability testing as set forth by the National Infrastructure Protection Center (NIPC) and are accredited by the SANS Institute to meet the requirements of the SANS/FBI "Top Twenty Internet Securities Vulnerabilities" test. They are also certified to meet the security scanning requirements of Visa USA's Cardholder Information Security Program (CISP), Visa International's Account Information Security (AIS) program, MasterCard International's Site Data Protection (SDP) program, American Express' CID security program, the Discover Card Information Security and Compliance (DISC) program within the framework of the Payment Card Industry (PCI) Data Security Standard.
Confidential - ScanAlert Security Audit Report
Report Overview
Customer Name: Fitness Quest, Inc.
Date Generated: 30-MAR-2007 05:44
Report Type: Security - By Device
Devices: 5
Device Groups: 0
Vulnerabilities: 4
Report Contents
Vulnerabilities By Severity
Vulnerabilities By Category
Device Overview
Services Detected
All Vulnerabilities Found
Device Detail
Appendix
Vulnerabilities By Severity - All 5 Devices
Severity
0 Urgent
0 Critical
0 High
2 Medium
7 Low
Vulnerabilities By Category (Top 5) - All 5 Devices
Category
5 Other
4 Web Application
Services Detected - All 5 Devices
Port  Protocol  Service  Devices
25    tcp       smtp     1
443   tcp       https    1
80    tcp       http     1
All Vulnerabilities Found
Name                          Category          Devices
WebApp Cross Site Scripting   Web Application   1
Directory Scanner             Web Application   1
ICMP TimeStamp Request        Other             1
Inconclusive Network Scan     Other             1
Device Overview
Name                    Urgent  Critical  High  Medium  Low  Open Ports
63.109.13.1             0       0         0     0       1    0
63.109.13.3             0       0         0     0       0    0
63.109.13.5             0       0         0     0       1    0
ashe.fitnessquest.com   0       0         0     0       2    1
www.fitnessquest.com    0       0         0     2       3    2
Overview - 63.109.13.1
Last Audit Date     Urgent  Critical  High  Medium  Low  Total
29-MAR-2007 08:34   0       0         0     0       1    1
Open Ports - 63.109.13.1
Port  Protocol  Service  Banner
None
Vulnerabilities - 63.109.13.1
None
Information Disclosures - 63.109.13.1
ICMP TimeStamp Request
Port: 0
First Detected: 05-OCT-2006 14:34
Category: Other
Protocol: ICMP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
The remote host appears to answer to an ICMP timestamp request.
This allows an attacker to obtain date and local time information set on your machine. This information could be useful in finding a way to circumvent your time based authentication protocols.
Solution
Filter out the ICMP timestamp requests (ICMP type 13), and the outgoing ICMP timestamp replies (ICMP type 14).
BlackICE firewall: This option is not available in all versions; see Links for details. The following lines can be added to the firewall.ini file under the [MANUAL ICMP...] section:
REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
Result
None
Links
BlackIce Admin Guide
BlackIce Block ICMP
Related
CVE: CVE-1999-0524
Resolved Items - 63.109.13.1
Date: 22-MAR-2007 12:43
Vulnerability: Incomplete Port Scan
Resolved By: John Pittinger
Port: 0
Reason: The 63.109.13.1 is a router and will not be allowing port scans to be allowed. other than my DMZ port -80 443- 63.109.13.3 is my PIX Device responsible for NAT xlation of my intranet devices. Neither device is a Web server. Thanks
Overview - 63.109.13.3
Last Audit Date     Urgent  Critical  High  Medium  Low  Total
29-MAR-2007 07:43   0       0         0     0       0    0
Open Ports - 63.109.13.3
Port  Protocol  Service  Banner
None
Vulnerabilities - 63.109.13.3
None
Information Disclosures - 63.109.13.3
None
Resolved Items - 63.109.13.3
Date: 22-MAR-2007 12:43
Vulnerability: Incomplete Port Scan
Resolved By: John Pittinger
Port: 0
Reason: The 63.109.13.1 is a router and will not be allowing port scans to be allowed. other than my DMZ port -80 443- 63.109.13.3 is my PIX Device responsible for NAT xlation of my intranet devices. Neither device is a Web server. Thanks
Overview - 63.109.13.5
Last Audit Date     Urgent  Critical  High  Medium  Low  Total
29-MAR-2007 15:42   0       0         0     0       1    1
Open Ports - 63.109.13.5
Port  Protocol  Service  Banner
None
Vulnerabilities - 63.109.13.5
None
Information Disclosures - 63.109.13.5
ICMP TimeStamp Request
Port: 0
First Detected: 26-JAN-2006 11:12
Category: Other
Protocol: ICMP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
The remote host appears to answer to an ICMP timestamp request.
This allows an attacker to obtain date and local time information set on your machine. This information could be useful in finding a way to circumvent your time based authentication protocols.
Solution
Filter out the ICMP timestamp requests (ICMP type 13), and the outgoing ICMP timestamp replies (ICMP type 14).
BlackICE firewall: This option is not available in all versions; see Links for details. The following lines can be added to the firewall.ini file under the [MANUAL ICMP...] section:
REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
Result
None
Links
BlackIce Admin Guide
BlackIce Block ICMP
Related
CVE: CVE-1999-0524
Resolved Items - 63.109.13.5
Date: 05-OCT-2006 12:48
Vulnerability: Incomplete Port Scan
Resolved By: John Pittinger
Port: 0
Reason: This is a router not allowing ports to be scanned.
Overview - ashe.fitnessquest.com
Last Audit Date     Urgent  Critical  High  Medium  Low  Total
29-MAR-2007 03:24   0       0         0     0       2    2
Open Ports - ashe.fitnessquest.com
Port  Protocol  Service  Banner
25    tcp       smtp
Vulnerabilities - ashe.fitnessquest.com
Information Disclosures - ashe.fitnessquest.com
Inconclusive Network Scan
Port: 0
First Detected: 23-MAR-2007 18:29
Category: Other
Protocol: Other
Fix Difficulty: Medium
Impact: Other
Description
This vulnerability is triggered when: The target has open ports > 0 and all ports have a null banner.
In practice, this will occur when the target is offline, there is a problem with the network, or the scan engine has an internal problem.
Solution
If this device has no publicly available services or is IP restricted, this vulnerability can be manually resolved.
Otherwise, begin by rescanning the device. The issue may have been a temporary connectivity or communication error. If subsequent scans are still inconclusive, ensure that all IDS/IPS devices are configured to accept scans from ScanAlert.
The list of ScanAlert's source IP addresses can be found here: http://www.scanalert.com/help/ScanIps.sa
If scans continue to be inconclusive, please contact customer support for additional help in troubleshooting.
Result
None
Links
None
Related
None
ICMP TimeStamp Request
Port: 0
First Detected: 05-OCT-2006 14:25
Category: Other
Protocol: ICMP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
The remote host appears to answer to an ICMP timestamp request.
This allows an attacker to obtain date and local time information set on your machine. This information could be useful in finding a way to circumvent your time based authentication protocols.
Solution
Filter out the ICMP timestamp requests (ICMP type 13), and the outgoing ICMP timestamp replies (ICMP type 14).
BlackICE firewall: This option is not available in all versions; see Links for details. The following lines can be added to the firewall.ini file under the [MANUAL ICMP...] section:
REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
Result
None
Links
BlackIce Admin Guide
BlackIce Block ICMP
Related
CVE: CVE-1999-0524
Resolved Items - ashe.fitnessquest.com
None
Overview - www.fitnessquest.com
Last Audit Date     Urgent  Critical  High  Medium  Low  Total
29-MAR-2007 15:19   0       0         0     2       3    5
Open Ports - www.fitnessquest.com
Port  Protocol  Service  Banner
80    tcp       http     http
443   tcp       https    https
Vulnerabilities - www.fitnessquest.com
Information Disclosures - www.fitnessquest.com
WebApp Cross Site Scripting
Port: 443
First Detected: 27-MAR-2007 11:34
Category: Web Application
Protocol: HTTP
Fix Difficulty: Medium
Impact: Cross Site Scripting (XSS)
Description
The remote web application appears to be vulnerable to cross site scripting (XSS).
The cross-site scripting attack is one of the most common, yet overlooked, security problems facing web developers today. A web site is vulnerable if it displays user-submitted content without checking for malicious script tags.
The target of cross-site scripting attacks is not the server itself, but the user files on the server, such as forms and other dynamic content. All a malicious attacker needs to do is find a page that does not properly sanitize user input, but returns the scripting code verbatim to the browser of a visitor to that website. It is important to note that websites that use SSL are just as vulnerable as websites that do not encrypt browser sessions.
The damage caused by such an attack can range from stealing session and cookie data from your customers to loading a virus payload onto their computer via browser.
The pages listed in the vulnerability output will display embedded javascript with no filtering back to the user.
Solution
Ensure you turn the > and < into their HTML equivalents before sending it back to the browser.
Ensure that parameters and user input are stripped of HTML tags before using.
Remove > : input = replace( input, ">", "" )
Remove ' : input = replace( input, "'", "" )
Filtering < and > alone will not solve all cross site scripting attacks and it is suggested you also attempt to filter out ( and ) by translating them to their encoded equivalents.
Result
Method: POST
Protocol: https
Port: 443
Path: /scripts/cgiip.exe/WService=fq/warranty.html
Post:
product=4319f684-0c89-4edc-9d8a-c56752eb905f
serial=
packageid=4319f684-0c89-4edc-9d8a-c56752eb905f
amonth=4319f684-0c89-4edc-9d8a-c56752eb905f
aday=4319f684-0c89-4edc-9d8a-c56752eb905f
ayear=4319f684-0c89-4edc-9d8a-c56752eb905f
firstname=4319f684-0c89-4edc-9d8a-c56752eb905f
lastname=4319f684-0c89-4edc-9d8a-c56752eb905f
address=4319f684-0c89-4edc-9d8a-c56752eb905f
city=4319f684-0c89-4edc-9d8a-c56752eb905f
state=4319f684-0c89-4edc-9d8a-c56752eb905f
zip=4319f684-0c89-4edc-9d8a-c56752eb905f
areacode=4319f684-0c89-4edc-9d8a-c56752eb905f
prefix=4319f684-0c89-4edc-9d8a-c56752eb905f
last4=4319f684-0c89-4edc-9d8a-c56752eb905f
email=4319f684-0c89-4edc-9d8a-c56752eb905f
sex=A
sex=B
married=A
married=B
purchased=A
purchased=B
purchased=C
purchased=D
purchased=E
dobmonth=0
dobday=0
dobyear=0
education=4319f684-0c89-4edc-9d8a-c56752eb905f
goal=4319f684-0c89-4edc-9d8a-c56752eb905f
equip1=A
equip2=A
equip3=A
equip4=A
equip5=A
equip6=A
people=4319f684-0c89-4edc-9d8a-c56752eb905f
room=4319f684-0c89-4edc-9d8a-c56752eb905f
enter=SUBMIT
reset=CLEAR
Headers: Content-Type=application%2Fx-www-form-urlencoded
Links
Top sites vulnerable to hackers
The Cross Site Scripting FAQ
An Oldie but Goodie: The Cross-Site Scripting Vulnerability
www.cgisecurity.com/articles/xss-faq.shtml
www.developer.com/lang/article.php/947041
www.vnunet.com/vnunet/news/2116667/top-sites-vulnerable-hackers
Apache: Cross Site Scripting Info
Apache: ???
The Cross-Site Scripting Vulnerability
Top sites vulnerable to hackers
Related
CERT: CA-2000-02
WebApp Cross Site Scripting
Port: 80
First Detected: 27-FEB-2007 09:33
Category: Web Application
Protocol: HTTP
Fix Difficulty: Medium
Impact: Cross Site Scripting (XSS)
Description
The remote web application appears to be vulnerable to cross site scripting (XSS).
The cross-site scripting attack is one of the most common, yet overlooked, security problems facing web developers today. A web site is vulnerable if it displays user-submitted content without checking for malicious script tags.
The target of cross-site scripting attacks is not the server itself, but the user files on the server, such as forms and other dynamic content. All a malicious attacker needs to do is find a page that does not properly sanitize user input, but returns the scripting code verbatim to the browser of a visitor to that website. It is important to note that websites that use SSL are just as vulnerable as websites that do not encrypt browser sessions.
The damage caused by such an attack can range from stealing session and cookie data from your customers to loading a virus payload onto their computer via browser.
The pages listed in the vulnerability output will display embedded javascript with no filtering back to the user.
Solution
Ensure you turn the > and < into their HTML equivalents before sending it back to the browser.
Ensure that parameters and user input are stripped of HTML tags before using.
Remove > : input = replace( input, ">", "" )
Remove ' : input = replace( input, "'", "" )
Filtering < and > alone will not solve all cross site scripting attacks and it is suggested you also attempt to filter out ( and ) by translating them to their encoded equivalents.
Result
Method: POST
Protocol: http
Port: 80
Path: /scripts/cgiip.exe/WService=fq/warranty.html
Post:
product=4319f684-0c89-4edc-9d8a-c56752eb905f
serial=
packageid=80000002
amonth=x';
aday=x';
ayear=80000002
firstname=x';
lastname=x';
address=80000002
city=80000002
state=80000002
zip=80000002
areacode=x';
prefix=`80
last4=0
email=80000002
sex=A
sex=B
married=A
married=B
purchased=A
purchased=B
purchased=C
purchased=D
purchased=E
dobmonth=0
dobday=0
dobyear=0
education=4319f684-0c89-4edc-9d8a-c56752eb905f
goal=4319f684-0c89-4edc-9d8a-c56752eb905f
equip1=A
equip2=A
equip3=A
equip4=A
equip5=A
equip6=A
people=4319f684-0c89-4edc-9d8a-c56752eb905f
room=4319f684-0c89-4edc-9d8a-c56752eb905f
enter=SUBMIT
reset=CLEAR
Headers: Content-Type=application%2Fx-www-form-urlencoded
Links
Top sites vulnerable to hackers
The Cross Site Scripting FAQ
An Oldie but Goodie: The Cross-Site Scripting Vulnerability
www.cgisecurity.com/articles/xss-faq.shtml
www.developer.com/lang/article.php/947041
www.vnunet.com/vnunet/news/2116667/top-sites-vulnerable-hackers
Apache: Cross Site Scripting Info
Apache: ???
The Cross-Site Scripting Vulnerability
Top sites vulnerable to hackers
Related
CERT: CA-2000-02
Directory Scanner
Port: 80
First Detected: 22-OCT-2006 00:29
Category: Web Application
Protocol: HTTP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
During an audit, common directories are looked for. This may result in non-public Web pages being found.
Solution
Make sure that these directories are intended for the public.
Result
Method: GET
Protocol: http
Port: 80
Path: /images/
Links
None
Related
None
Directory Scanner
Port: 443
First Detected: 22-OCT-2006 00:29
Category: Web Application
Protocol: HTTP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
During an audit, common directories are looked for. This may result in non-public Web pages being found.
Solution
Make sure that these directories are intended for the public.
Result
Method: GET
Protocol: https
Port: 443
Path: /images/
Links
None
Related
None
ICMP TimeStamp Request
Port: 0
First Detected: 26-JAN-2006 20:11
Category: Other
Protocol: ICMP
Fix Difficulty: Medium
Impact: Information Disclosure
Description
The remote host appears to answer to an ICMP timestamp request.
This allows an attacker to obtain date and local time information set on your machine. This information could be useful in finding a way to circumvent your time based authentication protocols.
Solution
Filter out the ICMP timestamp requests (ICMP type 13), and the outgoing ICMP timestamp replies (ICMP type 14).
BlackICE firewall: This option is not available in all versions; see Links for details. The following lines can be added to the firewall.ini file under the [MANUAL ICMP...] section:
REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL, 1000, MANUAL
Result
None
Links
BlackIce Admin Guide
BlackIce Block ICMP
Related
CVE: CVE-1999-0524
Resolved Items - www.fitnessquest.com
None
Vulnerability Levels
Severity Level and Description
Urgent
Intruders can easily gain control of the device being tested, which can lead to the compromise of your entire network security. Or hackers can use this device to access sensitive information from other devices in your network. Hackers are often actively scanning for this type of vulnerability.
For example, vulnerabilities at this level may include full read and write access to files or databases, remote execution of commands, gaining Administrator or Root level access, and the presence of Trojans or backdoors.
Critical
Intruders can possibly gain direct control of the device being tested, or there may be potential leakage of highly sensitive information.
For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users hosted on the device.
High
Intruders may be able to gain access to specific information stored on the device being tested, including security settings. This could result in potential misuse of, or unauthorized access to the device or information stored on it.
For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services such as mail-relaying.
Medium
Intruders may be able to collect sensitive information from the host, such as the precise version of OS or software installed or directory structure. While this level of vulnerability is not directly exploitable itself, with this information intruders can more easily exploit possible vulnerabilities specific to software versions in use.
Low
Intruders can collect general information about the device being tested (open ports, OS or software type, etc.). Hackers may be able to use this information to find exploitable vulnerabilities.