Finger .@host Unused Account Disclosure

This script is Copyright (C) 1999-2010 Tenable Network Security, Inc.

| Family | Finger abuses |
| Nessus Plugin ID | 10072 (finger_dot.nasl) |
| Bugtraq ID | |
| CVE ID | CVE-1999-0198 |

Description:

Synopsis :

The finger service running on the remote host has an information
disclosure vulnerability.

Description :

It is possible to force the remote finger daemon to display a list of
accounts that have never been used by issuing the request :

    finger .@target

A remote attacker could use this information to guess which operating
system is running, or to mount further attacks on these accounts.

See also :

http://www.nessus.org/u?b5a66556

Solution :

Disable or filter access to the finger daemon.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)