|
| TC: | 12013 | |
| Description: | The identification protocol (a.k.a ident) provides a way to determine the identity of a user of a particular TCP connection. Given a TCP/port number pair, it returns a character string which identifies the owner of that connection on the ident server's system. Usually, a remote server would contact the local ident server to get more information about the client user. This system runs an ident server. Application protocols do not usually require an ident server. | |
| TC Impact: | Gather Info | |
| Service: | Authentification Service |
| Vulnerability Publication: | Unknown | |
| Advisory Copyright: | Unknown | |
| Summary: | The system configuration could result in user information disclosure (e.g. user names) to the outside world. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete | |
| CVSS 2.0 Base Score: | 10 |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | User identity can be revealed while they access remote networks. | |
| Nature of Remediation: | Disable the service. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Undefined ***** Disable ident server if not needed. |
| References: | ||
| http://www.ietf.org/rfc/rfc1413.txt |
| CVE Link: |
CVE-1999-0629 |
 |
|---|
| Glossary: |
TCP TCP port |
|---|