Internal documentation only
How to mitigate the Security exploit in NSClient++ 0.5.2.35
According to this page, NSClient++ 0.5.2.35 has a vulnerability in the built-in web server:
“When NSClient++ is installed with Web Server enabled, local low privilege users have the ability to read the web administrator’s password in cleartext from the configuration file. From here a user is able to login to the web server and make changes to the configuration file that is normally restricted.”
The web server is used for configuration of NSClient++. By default the web server is disabled.
This only affects users who have enabled the web server. To check whether it is enabled, run the following command in a PowerShell window:
PS C:\Program Files\NSClient++> .\nscp.exe settings --list | select-string WEBServer
If it says “/modules.WEBServer=disabled”, the web server isn’t enabled and you’re not affected by the exploit.
To disable the web server, run the following command:
PS C:\Program Files\NSClient++> .\nscp.exe settings --path '/modules' --key "WEBServer" --set "disabled"
And restart the service:
PS C:\Program Files\NSClient++> .\nscp.exe service --restart
Verify that the web server is disabled by running the first command again. Also, you shouldn’t be able to reach https://windowsmachine:8443.
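The check, disable, restart and verify steps above combined into one script. This is an added example, not part of the original page or the NSClient++ project. It assumes the install path shown in the prompts above, the port 8443 from the URL above, and an elevated PowerShell session; the function names and the 5-second wait are choices made for this example.

```powershell
# Added example: automates the manual steps on this page.
# Assumptions: default install path, web port 8443, elevated PowerShell session.
$Nscp    = 'C:\Program Files\NSClient++\nscp.exe'
$WebPort = 8443

function Get-WebServerValue {
    # Returns the value of /modules.WEBServer, or $null if the key is not listed.
    $hit = & $Nscp settings --list |
        Select-String -Pattern '/modules\.WEBServer=(.*)$' |
        Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value.Trim() } else { $null }
}

function Test-WebPortOpen {
    # True if something accepts TCP connections on the web server port.
    (Test-NetConnection -ComputerName localhost -Port $WebPort `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

$before = Get-WebServerValue
Write-Host "WEBServer setting before: '$before'"

# Anything other than an explicit 'disabled' (including a missing key)
# is set to 'disabled', followed by a service restart.
if ($before -ne 'disabled') {
    & $Nscp settings --path '/modules' --key 'WEBServer' --set 'disabled'
    & $Nscp service --restart
    Start-Sleep -Seconds 5   # arbitrary wait for the service to come back up
}

# Verify both conditions from the page: the setting and the unreachable port.
$after    = Get-WebServerValue
$portOpen = Test-WebPortOpen
Write-Host "WEBServer setting after: '$after'; port $WebPort open: $portOpen"

if ($after -eq 'disabled' -and -not $portOpen) {
    Write-Host 'Web server is disabled and the port is closed.'
} else {
    Write-Warning 'Web server may still be active; check the settings and the service.'
    exit 1
}
```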
More information about the built-in webserver can be found here.