Family: Finger abuses --> Category: infos
Cfinger's search.**@host feature Vulnerability Scan
Vulnerability Scan Summary: finger .@host feature
Detailed Explanation for this Vulnerability Test
The remote host is running 'cfingerd', a finger daemon.
A bug in the remote cfinger daemon allows anyone to obtain
the list of users on this system by issuing the command:
finger search.**@victim
An attacker can in turn use this information to set up
a brute-force login attack against this host.
Solution: Use another finger daemon, or disable this service in /etc/inetd.conf.
Threat Level: Low / Medium