Top 20 Vulnerabilities: The List

List of the SANS/FBI Top 20 Most Critical Internet Security Vulnerabilities.

SANS/FBI Top 20 Most Critical Internet Security Vulnerabilities:

Top Vulnerabilities to Windows Systems

  • Internet Information Services (IIS)
  • Microsoft Data Access Components (MDAC) -- Remote Data Services
  • Microsoft SQL Server
  • NETBIOS -- Unprotected Windows Networking Shares
  • Anonymous Logon -- Null Sessions
  • LAN Manager Authentication -- Weak LM Hashing
  • General Windows Authentication -- Accounts with No Passwords or Weak Passwords
  • Internet Explorer
  • Remote Registry Access
  • Windows Scripting Host

Top Vulnerabilities to Unix Systems

  • Remote Procedure Calls (RPC)
  • Apache Web Server
  • Secure Shell (SSH)
  • Simple Network Management Protocol (SNMP)
  • File Transfer Protocol (FTP)
  • R-Services -- Trust Relationships
  • Line Printer Daemon (LPD)
  • Sendmail
  • BIND/DNS
  • General Unix Authentication -- Accounts with No Passwords or Weak Passwords