CCE-92473-8| Platform: cpe:/o:oracle:linux:7 | Date: (C)2019-11-07 (M)2023-07-04 |
The '.netrc' files contain login information
used to auto-login into FTP servers and reside in the user's home
directory. These files may contain unencrypted passwords to
remote FTP servers making them susceptible to access by unauthorized
users and should not be used. Any '.netrc' files should be removed.
Parameter:
[no/yes]
Technical Mechanism:
Unencrypted passwords for remote FTP servers may be stored in '.netrc'
files. DoD policy requires passwords be encrypted in storage and not used
in access scripts.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.8 | Attack Vector: LOCAL |
| Exploit Score: 2.0 | Attack Complexity: LOW |
| Impact Score: 6.0 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49415 |
