A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.

A DNS server allows inverse queries.

A DNS server allows zone transfers.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.

A system is operating in "promiscuous" mode which allows it to perform packet sniffing.

A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.

A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of.

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

IP traceroute is allowed from arbitrary hosts.

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

ICMP echo (ping) is allowed from arbitrary hosts.

The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate.

An NIS domain name is easily guessable.

A system-critical NETBIOS/SMB share has inappropriate access control.

A NETBIOS/SMB share password is the default, null, or missing.

A NETBIOS/SMB share password is guessable.

An SNMP community name is the default (e.g. public), null, or missing.