DESCRIPTION LAST UPDATED: 2024-01-01
DEFAULT SEVERITY LEVEL: HIGH
This report identifies hosts that have the X Display Manager service running and accessible on the Internet.
Our probe tests to see if the X Display Manager is accessible by sending a “Query” packet to the XDMCP port (177/UDP) and listening for the responses.
The responses received are typically either of the “Willing” type, which means that the X Display Manager is willing to provide service, or the “Unwilling” type, which means that the X Display Manager is not willing to provide services.
XDMCP leaks information about the host system and, in addition, it can be used in an amplification attack, providing an approximate 7x amplification. Please note that it does not matter if XDMCP responds with a “Willing” or an “Unwilling”; the service provides the same level of amplification.
Technical details of the XDMCP protocol can be found on the x.org website.
Severity levels are described here.
For more information on our scanning efforts, check out our Internet scanning summary page..