Summary
This host is running Finger service and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Disable finger service, or install a finger service or daemon that limits the type of information provided.
Insight
The flaw exists due to finger service display a list of unused accounts for a 'finger 0@host' request.
Affected
GNU Finger.
References
Severity
Classification
-
CVE CVE-1999-0197 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities