Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Useless services >> Rlogin Server Detection


Vulnerability Assessment Details

Rlogin Server Detection

Vulnerability Assessment Summary
Searches for the existence of rlogin

Detailed Explanation for this Vulnerability Assessment

Summary :

The rlogin service is listening on the remote port.

Description :

The remote host is running the 'rlogin' service. This service is dangerous in
the sense that it is not ciphered - that is, everyone can sniff the data that
passes between the rlogin client and the rloginserver. This includes logins
and passwords.

Also, it may permit poorly authenticated logins without passwords. If the
host is vulnerable to TCP sequence number guessing (from any network)
or IP spoofing (including ARP hijacking on a local network) then it may
be possible to bypass authentication.

Finally, rlogin is an easy way to turn file-write access into full logins
through the .rhosts or rhosts.equiv files.

You should disable this service and use ssh instead.

Solution :

Comment out the 'login' line in /etc/inetd.conf

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 1999 - 2006 Tenable Network Security

Cables, Connectors


Dell Precision Tower 5810 Xeon E5-1620 v4 3.5GHz 16GB 256GB SSD 825W Pwr Supply picture

Dell Precision Tower 5810 Xeon E5-1620 v4 3.5GHz 16GB 256GB SSD 825W Pwr Supply

$119.00



Lenovo Thinkstation P520c Xeon W-2133 32GB RAM 256GB SSD DVD Quadro P620 W10 Pro picture

Lenovo Thinkstation P520c Xeon W-2133 32GB RAM 256GB SSD DVD Quadro P620 W10 Pro

$229.00



INTEL XEON PLATINUM 8180M SR37T 2.50GHz FCLGA3647 Server CPU Processor picture

INTEL XEON PLATINUM 8180M SR37T 2.50GHz FCLGA3647 Server CPU Processor

$199.99



New HP Z2 SFF G5 Workstation Intel Xeon W-1250 3.30GHz 32GB DDR4 256GB SSD NO OS picture

New HP Z2 SFF G5 Workstation Intel Xeon W-1250 3.30GHz 32GB DDR4 256GB SSD NO OS

$349.99



Intel Xeon Gold 6138 2.0 GHz 20 Cores SR3B5 CD8067303406100 picture

Intel Xeon Gold 6138 2.0 GHz 20 Cores SR3B5 CD8067303406100

$27.00



Intel Xeon E5-2667 V2 LGA 2011 3.3GHz 8 Core 130W 25MB 8GT/s CPU Processor picture

Intel Xeon E5-2667 V2 LGA 2011 3.3GHz 8 Core 130W 25MB 8GT/s CPU Processor

$13.96



Intel Xeon Gold 6138 2.0GHz 27.5MB 20-Core 125W LGA3647 SR3B5 picture

Intel Xeon Gold 6138 2.0GHz 27.5MB 20-Core 125W LGA3647 SR3B5

$32.00



Intel Xeon E5-2697A V4 2.6GHz 16-Core Processor CPU LGA2011 SR2K1 picture

Intel Xeon E5-2697A V4 2.6GHz 16-Core Processor CPU LGA2011 SR2K1

$39.99



HP Z2 Mini G3 Workstation Xeon E3-1225 V5 8GB RAM 256GB SSD Used No OS picture

HP Z2 Mini G3 Workstation Xeon E3-1225 V5 8GB RAM 256GB SSD Used No OS

$126.00



Intel Xeon Gold 6248 2.50ghz 20 Cores Server Processor 3.90 Max Turbo Frequency picture

Intel Xeon Gold 6248 2.50ghz 20 Cores Server Processor 3.90 Max Turbo Frequency

$200.00



Discussions

No Discussions have been posted on this vulnerability.