This question was originally posted on DCIM Support by shemilusman on 2018-07-08
For one of our clients where we had installed DCO 8.1.0, the below security vulnerabilities have been reported and they asked us to rectify them.
1) Unencrypted Telnet Service Available
2) TELNET access with root and no password
3) Telnet guest account open
Please can anyone reply how to fix them.
Thanks & Regards
This answer was originally posted on DCIM Support by Jef Faridi on 2018-07-09
Out of curiosity, I am wondering how they have scanned/tested this; I don't think we have seen that vulnerability in our daily security scans. However, 8.1 is many versions behind, and the customer should consider upgrading the product to the latest version (currently 8.2.7), as we address known vulnerabilities with each DCO release.
This answer was originally posted on DCIM Support by spezialist on 2018-07-09
Dear shemilusman and Jef Faridi,
I think that this is quite possible if the customer deploys DCO software to a server with a pre-installed RHEL/CentOS-7.x operating system.
That is, the above mentioned vulnerability does not apply to DCO software vulnerabilities. In this case, the customer can solve this problem on his own, or he can ask for technical support in RHEL.
P.S.: for example, to stop and disable the telnet service on RHEL/CentOS-7.x OS, the customer needs to execute (with superuser privileges):
systemctl stop telnet.socket
systemctl disable telnet.socket
This comment was originally posted on DCIM Support by shemilusman on 2018-07-16
With reference to your reply, please note that the DCO Server is installed in the customer's VMware vCenter as a VM server.
I tried the "systemctl" command from the console using the admin account, and it did not execute and gave me the below comment:
"failed to stop telnet.socket: Unit telnet.socket not loaded"
I understand that "root" account access is denied in the console. So how do I execute the Stop Telnet & Disable Telnet commands? Is there any way from the webmin?
Thanks & Regards
This comment was originally posted on DCIM Support by spezialist on 2018-07-16
From your screenshot it is clear that the vulnerable telnet service is not loaded at all.
Therefore, first you need to check for a vulnerable telnet service on your server in a different way. To do this, as a regular user (not the superuser), run the following command:
netstat -anp | grep :23
If you see something like this:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN -
tcp6 0 0 :::23 :::* LISTEN -
Then you really do have a vulnerable telnet service on the server (LISTEN on port 23). Otherwise, a vulnerable telnet service is not running on your server and you have no reason to worry 😀.
Then you need to contact the customer security team so that they can give a detailed explanation of which vulnerabilities they discovered, which you write about in your initial question.
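The check described in the comment above, as an added example that is not part of the original thread: a plain `grep :23` also matches ports such as 2323 and outbound connections to a remote port 23, so this version reports only TCP sockets in LISTEN state whose local port is exactly 23. The function names `telnet_listeners` and `check_host` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a scanner's "telnet open" finding
# by matching only TCP sockets in LISTEN state whose local port is exactly 23.

# Reads `netstat -an[p]` or `ss -ltn` style lines on stdin and prints the local
# address of each matching listener. In both formats field 4 is the local address.
telnet_listeners() {
    awk '
        ($1 ~ /^tcp6?$/ && $6 == "LISTEN") || $1 == "LISTEN" {
            n = split($4, part, ":")    # the port is the last ":"-separated piece
            if (part[n] == "23") print $4
        }'
}

# Runs the same check against the live host; prefers ss, falls back to netstat.
check_host() {
    if command -v ss >/dev/null 2>&1; then ss -ltn; else netstat -an; fi |
        telnet_listeners
}

# Constructed sample input (not captured from a real server): two real telnet
# listeners, a listener on 2323, an outbound telnet session and an unrelated port.
SAMPLE='tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN -
tcp6 0 0 :::23 :::* LISTEN -
tcp 0 0 0.0.0.0:2323 0.0.0.0:* LISTEN -
tcp 0 0 10.0.0.5:51234 10.0.0.9:23 ESTABLISHED -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -'

found=$(printf '%s\n' "$SAMPLE" | telnet_listeners)
if [ -n "$found" ]; then
    printf 'telnet listener(s) found:\n%s\n' "$found"
else
    echo 'no listener on TCP port 23'
fi
```

On the server itself, call `check_host` instead of feeding the sample; empty output means nothing is listening on TCP port 23.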
This comment was originally posted on DCIM Support by spezialist on 2018-07-29
Tell us, please, did you solve your question or not?