Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Solaris in.fingerd Crafted Request Information Disclosure

Medium

Synopsis

The remote host may give an attacker information useful for future attacks

Description

The remote finger server discloses the full list of its users when it receives the query "a b c d e f g h". An attacker may use this flaw to try to log in with the name of each account being displayed, hoping to find a null or trivial password.

Solution

Disable the finger service.