Small Business Server 2003: Microsoft FrontPage Unpassworded Installation
We don't run a internal website, other then a 3rd party webapp for payroll.
Trustwave PCI scan is reporting that our FrontPage is unpassworded, and is a risk (tcp/443). But we don't run or use Front Page.
TrustWave Error:
Microsoft FrontPage Unpassworded Installation The FrontPage service on this server does not appear to have a password configured. FrontPage allows remote authoring of web sites, meaning that unprotected servers may be modified by anyone who discovers this service running. CVSSv2: AV:N/AC:L/Au:N/C:P/I:P/A:P)(7.50) Service: http Reference: http:// . ciac.org/ciac/bulletins/k-048.shtml Evidence: Response:web.archive.org/ web/ 20080103161410/ http:/ / www vermeer RPC packet method=open service:5.0.2.2623
service= Check your FrontPage configuration and set a strong password. system. In the tables below you can find the following information about each TrustKeeper finding. • • • • For more information on how to read this section and the scoring methodology used, please refer to the appendix. Severity - This identifies the risk of the vulnerability and (where applicable) the CVSS score. PCI - Findings that are PCI compliance violations are indicated with a PCI icon. In order to pass a vulnerability scan, these findings must be addressed. Vulnerability - This describes the details of the finding, along with the CVE identifier - an industry standard for cataloging vulnerabilities. If you are looking for a specific vulnerability, you may search for the CVE Identifier using your PDF viewer's normal search functions. Remediation - TrustKeeper provides specific guidance on actions you can take to address each vulnerability. Confidential Information: This document may contain information that is privileged, confidential or otherwise protected from disclosure
Would anyone have suggestions on how to correct this?
