Intrusion PreventionTFTP.GET.Passwd
Description
It indicates an attempt to access the password file on a host running the Trivial File Transfer Protocol (TFTP) service.
There is a long-known security hole in TFTP that allows any unauthenticated user to read any readable files and to write any writable files on a remote system. Attackers can take advantage of this to get sensitive password information.
Affected Products
Any unprotected SunOS 3.x is vulnerable.
Impact
Information leak may assist future attacks.
Recommended Actions
Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2021-04-13 | 18.057 |
Modified
|
Sig Added |
| ID | 13066 |
| Created | Sep 11, 2006 |
| Updated | Aug 29, 2022 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 2.25% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD, Solaris, Other |
| Affected App | Other |
| Profile Type | Information Disclosure |