FKey Arbitrary Remote File Disclosure

Medium Nessus Plugin ID 16224


The remote finger daemon has an information disclosure vulnerability.


The remote finger daemon (possibly 'fkey') allows users to read arbitrary files by supplying a file name that is 10 characters or shorter. A remote attacker could exploit this to read sensitive information, which could be used to mount further attacks.


There is no known fix at this time. Disable this service.

See Also

Plugin Details

Severity: Medium

ID: 16224

File Name: fkey_file_disclosure.nasl

Version: $Revision: 1.12 $

Type: remote

Family: Misc.

Published: 2005/01/21

Modified: 2016/11/19

Dependencies: 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/01/21

Reference Information

BID: 12321

OSVDB: 13202