Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running.

The rpc.sprayd service is running.

A version of finger is running that exposes valid user information to any entity on the network.

A system-critical Windows NT registry key has an inappropriate value.

An incorrect configuration of the Webcart CGI program could disclose private information.

An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information.

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges.

An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information.

An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.

An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information.

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

A network intrusion detection system (IDS) does not properly reassemble fragmented packets.

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.

A network intrusion detection system (IDS) does not verify the checksum on a packet.

A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers.

A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

A Windows NT log file has an inappropriate maximum size or retention period.

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.