AMP has vulnerabilites according to our Security Scanner

GD-Dal · 28 January 2025 16:21

We have a company running security scans for us.
I happen to run an AMP server on the scanned network.

Every time, the security report is reporting the AMP instance:

443/tcp www: Info leak (backup-/config files)
8080/tcp www: Info leak (backup-/config files)

and

2223/tcp ssh Weak SSH kryptering

I run a single instance on this server; a Valheim server, with this network port status:

Doesn’t seem that that instance is even using port 2223, so where is this coming from?

And why is port 8080 open?
I can reach the AMP server on both http://amp.domain.tld:8080 and https://amp.domain.tld

What can be done to please the Security Scanner?

The server is running on a Ubuntu Linux server

Thanks

ThePotatoKing · 29 January 2025 18:46

Port 2223 is the ADS instance’s SFTP (not a real SSH environment as well, just a minimal SFTP implementation)
Port 8080 is usually rebound to 127.0.0.1 when you set up HTTPS, but isn’t in your case for whatever reason. (run ampinstmgr rebind ADS01 127.0.0.1 8080 to rebind it)
Not sure what it means by Info leak (backup-/config files) though, try referring to the scanner’s logs and/or documentation for more info on what could cause that.

system · 28 February 2025 18:47

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.