CVE-1999-0524 - ICMP Timestamp Request Remote Date Disclosure vulnerability in Security Analytics
search cancel

CVE-1999-0524 - ICMP Timestamp Request Remote Date Disclosure vulnerability in Security Analytics

book

Article ID: 381134

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

This is a low risk vulnerability that could allow a remote user to see the exact time set on the remote host.  The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Resolution

Typically ICMP is disabled by default on Security Analytics.  You can check this by running the following command at the CLI: 

iptables -nL | grep icmp

If disabled, the results will look like this: 

DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 13
DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 14
ACCEPT     icmp --  0.0.0.0/0

You can also see this from the GUI by going to https://<IP_of_server>/settings/security and looking for this in the Firewall section: