Channel: VMware Communities: Message List

Re: TLS CRIME Vulnerability - SSL / TLS compression


deadFX wrote:

 

Hi,

 

Can someone expand on the fix please? I get an error that I am unauthorized or the KB article has been moved. I use the free version, but I need to close this exploit.

 

Thanks!

 

I'm unsure what issue you've had there - the link works fine for me. Maybe it was temporarily broken?

 

Regardless, calling this an "exploit" is stretching it. Your hosts should not be accessible via the public Internet. This means you should only be accessing them via trusted networks. This means the chance of intercept and therefore hijack is already mitigated.

 

If, for some reason, your hosts are accessible via the public Internet, the chance of exploiting this is still precisely 0 unless you log on from a public access point or something equally untrusted, and someone happens to be waiting to steal your credentials. Access your hosts over a VPN and again, the chance of compromise is 0.

 

Then you've got Wikipedia, which largely refers to it as a client-side issue:

http://en.wikipedia.org/wiki/CRIME_(security_exploit)

 

Trusting Nessus blindly is not a security solution.

