Solaris in.fingerd Unused Accounts Disclosure

medium Nessus Plugin ID 10788


The remote finger service has an information disclosure vulnerability.


The remote Solaris finger daemon returns a list of accounts that have never been used when it receives the request:

finger 'a b c d e f g h'@target

A remote attacker could use this information to guess which operating system is running, or to mount further attacks on these accounts.


Apply the relevant patches from Sun.

Plugin Details

Severity: Medium

ID: 10788

File Name: finger_solaris_disclosure.nasl

Version: 1.27

Type: remote

Family: Misc.

Published: 10/22/2001

Updated: 7/11/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 3.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 10/22/2001

Reference Information

CVE: CVE-2001-1503

BID: 3457