Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Finger abuses
Title:Finger dot at host feature

There is a bug in the remote finger service which, when triggered, allows
a user to force the remote finger daemon to display the list of the accounts
that have never been used, by issuing the request :

finger .@target

This list will help an attacker to guess the operating system type. It will
also tell him which accounts have never been used, which will often make him
focus his attacks on these accounts.

Solution : disable the finger service in /etc/inetd.conf and restart the inetd
process, or upgrade your finger service.

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-1999-0198
CopyrightThis script is Copyright (C) 1999 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2024 E-Soft Inc. All rights reserved.