Medium Nessus Plugin ID 10072
SynopsisThe finger service running on the remote host has an information disclosure vulnerability.
DescriptionIt is possible to force the remote finger daemon to display a list of accounts that have never been used by issuing the request :
finger [email protected]
A remote attacker could use this information to guess which operating system is running or mount further attacks against these accounts.
SolutionDisable or filter access to the finger daemon.