|
Family: FTP --> Category: infos
Solaris FTPd tells if a user exists Vulnerability Scan
Vulnerability Scan Summary CWD ~root before logging in
Detailed Explanation for this Vulnerability Test
It is possible to acertain the existence of a
user on the remote system by issuing the command
CWD ~, even before logging in.
Ie:
telnet target 21
CWD ~root
530 Please login with USER and PASS.
CWD ~nonexistinguser
530 Please login with USER and PASS.
550 Unknown user name after ~
A possible hacker may use this to acertain the existence of
known to be vulnerable accounts (like guest) or to
acertain which system you are running.
Solution : inform your vendor, and ask for a patch, or
change your FTP server
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|