rsh Unauthenticated Access (via finger Information)

critical Nessus Plugin ID 10380

Synopsis

It was possible to log on to this machine without a password.

Description

Using common usernames as well as the usernames reported by 'finger', Nessus was able to log in through rsh. Either the accounts are not protected by passwords or the ~/.rhosts files are not configured properly.

This vulnerability is confirmed to exist in Cisco Prime LAN Management Solution, but could be present on any host that is not securely configured.

Solution

If the remote host is a Cisco Prime LAN Management Solution virtual appliance, apply the relevant patch referenced in Cisco security advisory cisco-sa-20130109-lms.

Otherwise, remove the .rhosts files or set a password on the impacted accounts.
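The following audit sketch is an added example, not part of the Nessus plugin or the Cisco advisory. It checks a host for the two conditions named above: accounts with an empty password field and per-user .rhosts files, flagging bare '+' wildcard entries. The function names and sample data are constructed for illustration, and it assumes standard passwd(5) and shadow(5) layouts.

```python
import os
import tempfile

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = ("alice:x:1000:1000::/home/alice:/bin/sh\n"
                 "bob:x:1001:1001::/home/bob:/bin/sh\n")
SAMPLE_SHADOW = ("alice::19000:0:99999:7:::\n"
                 "bob:$6$constructed$hash:19000:0:99999:7:::\n")
SAMPLE_RHOSTS = "# constructed\ntrusted.example.com bob\n+ +\n"

def empty_password_accounts(shadow_text):
    """Accounts whose shadow(5) password field is empty (no password set)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def wildcard_rhosts_entries(rhosts_text):
    """(line number, entry) pairs whose host or user field is a bare '+'."""
    hits = []
    for n, raw in enumerate(rhosts_text.splitlines(), 1):
        entry = raw.split()
        if entry and not entry[0].startswith("#") and "+" in entry[:2]:
            hits.append((n, " ".join(entry)))
    return hits

def audit_rhosts(passwd_text, root="/"):
    """Locate each account's ~/.rhosts via passwd(5) home dirs under root."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        path = os.path.join(root, fields[5].lstrip("/"), ".rhosts")
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[fields[0]] = wildcard_rhosts_entries(fh.read())
    return report  # every key is a removal candidate; the value lists '+' lines

def demo():
    """Build a throwaway tree with one constructed .rhosts and audit it."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home", "bob")
        os.makedirs(home)
        with open(os.path.join(home, ".rhosts"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_RHOSTS)
        return empty_password_accounts(SAMPLE_SHADOW), audit_rhosts(SAMPLE_PASSWD, root)

if __name__ == "__main__":
    print(demo())
```

On a live host, pass the contents of /etc/passwd and /etc/shadow (read as root) and leave `root` at its default; locked accounts marked with `!` or `*` are not reported as empty.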

Plugin Details

Severity: Critical

ID: 10380

File Name: rsh_users.nasl

Version: 1.29

Type: remote

Published: 4/23/2000

Updated: 7/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: rsh/active

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2012-6392

BID: 57221

CISCO-SA: cisco-sa-20130109-lms

IAVA: 2013-A-0019

CISCO-BUG-ID: CSCuc79779