Finger 0@host Unused Account Disclosure

medium Nessus Plugin ID 10069


The remote service is prone to information disclosure.


The remote host is running a 'finger' service that suffers from an information disclosure vulnerability. Specifically, it allows an unauthenticated attacker to display a list of accounts on the remote host that have never been used. This list can help an attacker to guess the operating system type and also focus his attacks.


Filter access to this port, upgrade the finger server, or disable it entirely.

Plugin Details

Severity: Medium

ID: 10069

File Name: finger_0.nasl

Version: 1.33

Type: remote

Family: Misc.

Published: 6/22/1999

Updated: 8/10/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Vulnerability Publication Date: 1/1/1995

Reference Information

CVE: CVE-1999-0197