Thanks to Selden Ball, Stan Horowitz and Arrigo Triulzi, the common
thread is that:
- the auditors need to provide more information
- this is possibly a false trigger
- the auditors have a typo in the report
Original message
We got an audit report listing a vulnerbility with one of our Tru64 4.0g
machines. I am trying to figure out exactly what they mean. The text
says:
Default account/passwords for Rsh, Telnet and Rsh vulnerable in
host.equiv
First off I don't know of a host.equiv file, only hosts.equiv. There
are no hosts listed in the hosts.equiv file so I am not sure what is
being flagged here.
Any suggestions on what is being flagged and what the fix should be are
appreciated.
Michael Smith
(864) 282-9235
Received on Tue Jan 29 2002 - 16:27:29 NZDT