Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-846 | GEN004820 | SV-846r2_rule | ECSC-1 | Medium |
Description |
---|
Due to the numerous vulnerabilities inherent in anonymous FTP, it is recommended that it not be used. If anonymous FTP must be used on a system, the requirement must be authorized and approved in the system accreditation package. |
STIG | Date |
---|---|
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2015-10-01 |
Check Text ( C-711r2_chk ) |
---|
Attempt to log into this host with a user name of anonymous and a password of guest (also try the password of guest@mail.com). If the logon is successful, this is a finding. Procedure: # ftp localhost Name: anonymous 530 Guest login not allowed on this machine. |
Fix Text (F-1000r2_fix) |
---|
Configure the FTP service to not permit anonymous logins. |