Remove product version from non-authenticated page
Posted: Thu Jan 29, 2015 7:35 pm
I just realized, at the bottom of my Nagios Log Server page, prior to logging in, is displayed the current version of NLS. This is not within best IT security practices, as it provides an intruder with potential information specific to that version of NLS that could be used as an attack vector.
I recommend moving the "Nagios Log Server • 2015R1.1 • Check for updates" to an authenticated page.
The same would apply to NNA as well, but I'm not going to double post.
I recommend moving the "Nagios Log Server • 2015R1.1 • Check for updates" to an authenticated page.
The same would apply to NNA as well, but I'm not going to double post.