RPC call with suspicious credentials
| rpc-suspicious-credentials (8491) |  Medium Risk |
Description:
RPC (Remote Procedure Call) credentials have been supplied to the server that look suspicious, which could indicate an attempt by a remote attacker to bypass security checks. When authenticating with the RPC server, the client may provide credentials that include the caller's computer name. For example, some of these credentials might include the name "localhost" in an attempt to convince the server that the remote request was actually local.
Consequences:
Bypass Security
Remedy:
Ensure that your personal firewall, operating system, and programs are up-to-date in order to minimize the threat of a system compromise.
References:
- Request for Comment document RFC 1831: RPC: Remote Procedure Call Protocol Specification Version 2.
Platforms Affected:
- Various vendors Any application
- Various vendors RPC Portmapper
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net