Public browse rights are causing Nessus security warnings

  • 7002095
  • 05-Dec-2008
  • 26-Apr-2012

Environment

Novell Access Manager 3 Access Administration
Novell Access Manager 3 Support Pack 4 applied

Situation

Running a Nessus scan against the Access Manager Administration Console server produces warnings
about Public browse rights. The following output is visible:

Warning ncp (524/tcp)
Synopsis :

Remote directory server leaks information.

Description :

This host is a Novell Netware (eDirectory) server, and has browse
rights on the PUBLIC object.

It is possible to enumerate all NDS objects, including users, with
crafted queries. An attacker can use this to gain information about
this host.

Solution :

The NDS object PUBLIC should not have Browse rights the tree should
be restricted to authenticated users only.

Removing Browse rights from the object will fix this issue. If this
is an external system it is recommended that access
to port 524 be blocked from the Internet.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin output :

It was possible to gather the following information about the
remote host :

Server Name: AM_ADMIN
NDS Tree Name: AM_ADMIN_TREE
NDS Users: ADMIN
Nessus ID : 10988

Resolution

Remove the Public trustee assignment on [Root] using the Admin Console UI. In iManager, click the 'View Objects' option, browse to the Tree Name and select the 'Modify Trustees' option. From there, remove the Public trustee.

Note: Without the Public trustee assignment, contextless logins will fail, e.g. logging into the Admin Console as "admin" will fail; the fully qualified username .admin.novell will be required.
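After the trustee assignment has been removed, a quick way to confirm that unauthenticated clients can no longer enumerate the tree is an anonymous LDAP search against the server, since eDirectory exposes the same objects over LDAP as over NCP. The script below is an added example for that post-remediation check; it is not part of the TID and not Novell's code. It assumes OpenLDAP's ldapsearch is installed, that the eDirectory LDAP listener is reachable on port 389 (the page only mentions NCP on 524), and that you pass the search base yourself; the sample outputs in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the TID): verify that the Public trustee no longer
# grants Browse rights by attempting an anonymous LDAP search of the tree.
# Assumption: eDirectory LDAP on port 389 (hypothetical; not stated on the page).

# judge_anon_search OUTPUT
# Interprets ldapsearch LDIF output. Returns 0 when no entries came back
# (remediation effective), 1 when at least one "dn:" entry was returned
# (the tree is still browsable anonymously), 2 when the server was unreachable.
judge_anon_search() {
  out="$1"
  case "$out" in
    *"Can't contact LDAP server"*)
      echo "ERROR: LDAP server could not be reached; result is inconclusive"
      return 2 ;;
  esac
  # Every returned entry starts with a "dn: " line in LDIF.
  n=$(printf '%s\n' "$out" | grep -c '^dn: ' || true)
  if [ "$n" -gt 0 ]; then
    echo "FAIL: anonymous search returned $n object(s); Public still has Browse rights"
    return 1
  fi
  echo "PASS: anonymous search returned no objects"
  return 0
}

# check_public_browse HOST BASE_DN
# Runs an unauthenticated (-x, no -D/-w) subtree search for every object
# under BASE_DN and hands the output to judge_anon_search.
check_public_browse() {
  host="$1"
  base="$2"
  out=$(ldapsearch -x -H "ldap://$host:389" -b "$base" -s sub '(objectClass=*)' dn 2>&1 || true)
  judge_anon_search "$out"
}

# Usage (hypothetical host and base):
#   check_public_browse am-admin.example.com "o=novell"
```

A refused or "Inappropriate authentication" response counts as a pass here, because the goal is only that no object names leak to an unauthenticated client; a connection failure is reported separately so that a blocked port is not mistaken for a fixed trustee.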