Top 10 Critical Findings of Pentest in 2024: What You Need to Know

One of the most effective ways for IT professionals to discover weaknesses in a company before cybercriminals do is through penetration testing. By simulating real-world cyber attacks, penetration tests, often called pentests, provide invaluable information about an organization’s security posture, revealing vulnerabilities that could lead to data breaches or other security incidents.

Vonahi Security, the creators of vPenTest, an automated network penetration testing platform, has just released its annual report, “Top 10 Critical Pentest Findings 2024”. The report draws on over 10,000 automated network pentests run across more than 1,200 organizations and identifies the top 10 internal network pentest findings seen in those engagements.

Below are these critical findings, to help organizations understand the exploitable vulnerabilities they most commonly face and how to address them effectively.

1. Multicast DNS (mDNS) Spoofing
Multicast DNS (mDNS) is a protocol used in small networks to resolve DNS names without a local DNS server. Because any host on the local segment can answer a multicast query, an attacker can respond with the IP address of their own system and redirect the victim's connection.

Recommendations:
– Disable mDNS if not in use, which can be achieved by disabling the Apple Bonjour or avahi-daemon service.

2. NetBIOS Name Service (NBNS) Spoofing
NetBIOS Name Service (NBNS) is used in internal networks to resolve DNS names when a DNS server is not available. This can be exploited by attackers who can respond with their own system’s IP address.

Recommendations:
– Configure the registry key UseDnsOnlyForNameResolutions to prevent systems from using NBNS queries.
– Disable NetBIOS service for all Windows hosts on the internal network.

3. Link-Local Multicast Name Resolution (LLMNR) Spoofing
LLMNR is a protocol used in internal networks to resolve DNS names when a DNS server is not available. As with NBNS, an attacker on the same network segment can answer these queries with their own system's IP address.

Recommendations:
– Configure the Multicast Name Resolution registry key to prevent systems from using LLMNR queries.
– Use Group Policies to disable LLMNR.
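The registry-based hardening recommended for findings 1 to 3 can be audited and applied from an elevated PowerShell session. The script below is an added example, not part of the Vonahi report; it assumes the standard Windows registry locations named in its comments (the script name is hypothetical) and that NetBT changes take effect after a restart.

```powershell
# Audit-NameResolutionSpoofing.ps1 (hypothetical name; added example)
# Reports whether LLMNR, NetBIOS name service and mDNS are still enabled on
# this Windows host and, with -Remediate, applies the registry hardening.
# Assumption: the registry paths below are the standard ones for Windows 10/11.
[CmdletBinding()]
param([switch]$Remediate)

$findings = @()

# 1. LLMNR: policy value EnableMulticast = 0 disables it (same effect as the
#    "Turn off multicast name resolution" Group Policy setting).
$llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
if ($llmnr -ne 0) {
    $findings += 'LLMNR is enabled (EnableMulticast is not 0)'
    if ($Remediate) {
        New-Item -Path $llmnrKey -Force | Out-Null
        Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
    }
}

# 2. NetBIOS over TCP/IP: per-interface NetbiosOptions, where 2 = disabled.
$nbtBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
foreach ($iface in Get-ChildItem -Path $nbtBase) {
    $opt = (Get-ItemProperty -Path $iface.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
    if ($opt -ne 2) {
        $findings += "NetBIOS name service enabled on $($iface.PSChildName) (NetbiosOptions=$opt)"
        if ($Remediate) { Set-ItemProperty -Path $iface.PSPath -Name NetbiosOptions -Value 2 -Type DWord }
    }
}

# 3. mDNS: the Windows DNS client honours EnableMDNS = 0 (assumption: the value
#    is supported on the build being audited).
$mdnsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$mdns = (Get-ItemProperty -Path $mdnsKey -Name EnableMDNS -ErrorAction SilentlyContinue).EnableMDNS
if ($mdns -ne 0) {
    $findings += 'mDNS is enabled (EnableMDNS is not 0)'
    if ($Remediate) { Set-ItemProperty -Path $mdnsKey -Name EnableMDNS -Value 0 -Type DWord }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: LLMNR, NBNS and mDNS are all disabled on this host.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    if ($Remediate) { Write-Output 'Remediation applied; restart the host so NetBT picks up the change.' }
}
```

Run it without arguments first to see which responders are still active, then with `-Remediate` once the change has been approved; on domain-joined hosts the same settings are better enforced centrally through Group Policy so they cannot drift back.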

4. IPv6 DNS Spoofing
IPv6 DNS spoofing occurs when a rogue DHCPv6 server is deployed on a network and hands clients an attacker-controlled DNS server address, which Windows hosts will prefer over their IPv4 DNS settings.

Recommendations:
– Disable IPv6 unless necessary for business operations.
– Implement DHCPv6 guards on network switches.

5. Outdated Microsoft Windows Systems
An outdated Windows system is vulnerable to attack because it no longer receives security updates, so publicly known flaws remain unpatched.

Recommendations:
– Replace outdated versions of Microsoft Windows with updated and supported operating systems.

6. IPMI Authentication Bypass
Intelligent Platform Management Interface (IPMI) allows administrators to centrally manage servers but has vulnerabilities that allow attackers to bypass authentication.

Recommendations:
– Restrict IPMI access to a limited number of systems.
– Disable IPMI service if not needed.
– Change the default administrator password to a more secure one.

7. Microsoft Windows RCE Vulnerability (BlueKeep)
Systems vulnerable to CVE-2019-0708 (BlueKeep) were identified during tests.

Recommendations:
– Apply security updates to affected systems immediately.

8. Reuse of Local Administrator Password
Many systems were found to share the same local administrator password.

Recommendations:
– Use solutions like Microsoft Local Administrator Password Solution (LAPS) to ensure that each system has a unique local administrator password.

9. Microsoft Windows RCE Vulnerability (EternalBlue)
Systems vulnerable to MS17-010 (EternalBlue) were identified during tests.

Recommendations:
– Apply security updates to affected systems immediately.

10. Dell EMC iDRAC 7/8 CGI Injection (CVE-2018-1207)
Dell EMC iDRAC7/iDRAC8 versions prior to 2.52.52.52 are vulnerable to CVE-2018-1207, allowing attackers to run commands with root privileges.

Recommendations:
– Update the firmware to the latest available version.

By addressing these common vulnerabilities, organizations can improve their security posture and better protect themselves against cyber threats.
