Finger 0@host Unused Account Disclosure

medium Nessus Plugin ID 10069

Synopsis

The remote service is prone to information disclosure.

Description

The remote host is running a 'finger' service that suffers from an information disclosure vulnerability. Specifically, it allows an unauthenticated attacker to display a list of accounts on the remote host that have never been used. This list can help an attacker guess the operating system type and focus their attacks.

Solution

Filter access to this port, upgrade the finger server, or disable it entirely.

Plugin Details

Severity: Medium

ID: 10069

File Name: finger_0.nasl

Version: 1.33

Type: remote

Family: Misc.

Published: 6/22/1999

Updated: 8/10/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Vulnerability Publication Date: 1/1/1995

Reference Information

CVE: CVE-1999-0197