vulnerability
Scanning Diagnostics: WinRM service was accessible over unencrypted protocol
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 1 | (AV:L/AC:H/Au:M/C:N/I:N/A:N) | Nov 2, 2021 | Nov 2, 2021 | Nov 2, 2021 |
Severity
1
CVSS
(AV:L/AC:H/Au:M/C:N/I:N/A:N)
Published
Nov 2, 2021
Added
Nov 2, 2021
Modified
Nov 2, 2021
Description
The following information is for Scan Diagnostic purposes only, and is not indicative of a detected vulnerability.
WinRM should be configured to only be accessible over HTTPS, connections over HTTP are not secure and may leak data.
WinRM access is required for accurate Windows Policy assessments, it is used to collect information on hardening compliance, amongst other Windows configuration data.
Solution
rapid7-diagnostics-winrm-unencrypted
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.