Solaris in.fingerd Crafted Request Information Disclosure
Medium Nessus Network Monitor Plugin ID 1280
SynopsisThe remote host may give an attacker information useful for future attacks
DescriptionThe remote finger server discloses the full list of its users when it receives the query "a b c d e f g h". An attacker may use this flaw to try to log in with the name of each account being displayed, hoping to find a null or trivial password.
SolutionDisable the finger service.