Open port leads to information disclosure
State Informative (Closed)
Disclosed publicly 2018-09-10T09:40:40.291Z
Reported To
Weakness Information Disclosure
Bounty
Collapse


Timeline
submitted a report to Weblate .
2017-04-24T12:25:25.022Z

Open port 10022 leads to disclosure of open-ssh version and current Debian version being used.

POC-

  1. I performed an nmap scan ( nmap -A -T4 -p- weblate.org)
  2. I saw the port 10022 was open and I did a telnet connect to the port.
  3. As soon as I did the telnet connect it returned me the openssh version and the debian version (check the .png file) 4.I wasn't able to run any sort of commands as whatever I typed returned a protocol mismatch error.

This doesn't necessarily mean a security issue as long as everything is being patched regularly.

Regards,
Frans

nijel Activities::BugInformative
2017-04-24T14:31:54.593Z
Thanks, we're aware of this and the server is regularly patched.


str33 Activities::AgreedOnGoingPublic
2017-05-20T12:34:45.741Z


nijel Activities::AgreedOnGoingPublic
2018-09-10T09:40:40.243Z


nijel Activities::ReportBecamePublic
2018-09-10T09:40:40.316Z