OSVDB ID: 11451 Title: finger Service Remote Information Disclosure |
Info |
|
|
Dates |
||||
|
|
Description |
The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks. |
Classification |
Location:
Remote/Network Access Required
Attack Type: Information Disclosure Impact: Loss of Confidentiality Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Access to the finger service should be restrcited from the general public, or removed entirely if operationally possible. |
Products |
|
References |
Credit |
Unknown or Incomplete |