{"description": "XDMCP is an unencrypted protocol, and therefore, presents a security risk, see e.g.\n<a xmlns='http://www.w3.org/1999/xhtml' href='https://help.gnome.org/admin/gdm/stable/security.html.en_GB#xdmcpsecurity'>XDMCP Gnome docs</a>.\n\nTo disable XDMCP support in Gnome, set <code>Enable</code> to <code>false</code> under the <code>[xdmcp]</code> configuration section in <code>/etc/gdm3/custom.conf</code>. For example:\n<pre>\n[xdmcp]\nEnable=false\n</pre>", "rationale": "XDMCP provides unencrypted remote access through the Gnome Display Manager (GDM) which does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session. If a privileged user were to login using XDMCP, the\nprivileged user password could be compromised due to typed XEvents\nand keystrokes will traversing over the network in clear text.", "severity": "high", "references": {"cis": ["1.7.10"]}, "control_references": {"cis": ["1.7.10"]}, "components": [], "identifiers": {}, "ocil_clause": "the Enable is not set to false or is missing in the xdmcp section of the /etc/gdm3/custom.conf gdm configuration file", "ocil": "To ensure that XDMCP is disabled in <code>/etc/gdm3/custom.conf</code>, run the following command:\n<pre>grep -Pzo \"\\[xdmcp\\]\\nEnable=false\" /etc/gdm3/custom.conf</pre>\nThe output should return the following:\n<pre>\n[xdmcp]\nEnable=false\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Disable XDMCP in GDM", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/rule.yml", "template": null}