Homework answers / question archive / Question 1)  Take a look at the vulnerabilities present on the machine

Question 1)  Take a look at the vulnerabilities present on the machine

Computer Science

Share With

---

Question 1)  Take a look at the vulnerabilities present on the machine. Each Team Member should choose 2 vulnerabilities from the report and explain how these could severely impact an organization. Relate your answer to the CIA Triad. Answers should explain the issue and the potential fallout in a short paragraph or two. List the name of the team member and their two contributions below.

Answer for Question 1) 

1. 2.1.18 Medium 6667/tcp: UnrealIRCd authentication spoofing vulnerability.

If this security flaw is exploited, it will be possible for an unauthorized user to log in to the system using the credentials of another user and gain access to the system. This compromises confidentiality because unauthorized users can access the data. If the attacker makes changes, this compromises integrity. If this user can gain higher privilege by taking advantage of another system flaw, then this malicious user can stop critical services or delete critical configuration files, which can affect availability. 

 

2) 2.1.19 Medium 5432/tcp: OpenSSL CCS Man in the Middle Security Bypass Vulnerability.

 

Because of this vulnerability, a malicious person can force an OpenSSL connection to make use of a weak encryption method. The bad actor can then obtain access to the data that is transmitted while using the weak encryption method. This data can be easily decoded because the weak encryption method was used. The confidentiality of the CIA trio is being compromised because of this.

 

Use Question one to answer all the following Question

 

Question 4.1  Which vulnerability did each team member choose? Be specific in what information you gained from the OpenVAS Scan Report?

Question 4.2 How/Where did you research this vulnerability? What information did you gather? Were you able to exploit the vulnerability?

Question 4.3 Were you able to patch the vulnerability? In a short paragraph, explain the steps you took to remediate the vulnerability, and whether your patch was effective or not.

Question 4.4 Pretend you found this vulnerability on an Organization's machine. How would you explain to them the present risk, and why they should patch the vulnerability?