CVE-1999-0612 in finger
Summary
by MITRE
a version of finger is running that exposes valid user information to any entity on the network.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/16/2026
The vulnerability described in CVE-1999-0612 represents a fundamental security flaw in the finger protocol implementation that was prevalent in network services during the late 1990s. This issue stems from the finger daemon's design which was intended to provide user information lookup services but inadvertently exposed detailed system user accounts to unauthorized network entities. The finger protocol operates on TCP port 79 and was commonly used in unix-like systems to retrieve user information including usernames, real names, login times, and terminal information. The flaw occurs when the finger service is enabled without proper access controls or authentication mechanisms, allowing any remote attacker to query the service and receive comprehensive user account information from the target system.
This vulnerability directly maps to CWE-200, which describes the exposure of sensitive information to an unauthorized actor, and represents a classic example of information disclosure through network services. The finger protocol was designed with minimal security considerations in mind, relying on the assumption that network access was already trusted. However, this approach proved inadequate as network environments became more complex and hostile. The vulnerability exposes not only usernames but also potentially sensitive information about user login patterns, system usage, and account validity, which can be leveraged for further attacks. From an operational security perspective, this represents a critical weakness that allows attackers to enumerate valid accounts and gather intelligence for subsequent exploitation attempts.
The operational impact of CVE-1999-0612 extends beyond simple information disclosure, as the exposed user information can facilitate various attack vectors including account enumeration, social engineering, and credential guessing attacks. Attackers can use the collected information to craft targeted phishing campaigns or perform brute force attacks against specific user accounts. The vulnerability also violates fundamental security principles by providing unauthorized access to system user information without proper authentication or authorization checks. According to ATT&CK framework, this maps to T1087.001 - Account Discovery: Local Account, where adversaries gather information about local accounts to understand system access patterns and identify potential targets. The exposure of valid usernames creates a significant risk for privilege escalation attacks and can be combined with other vulnerabilities to compromise system integrity.
The recommended mitigations for this vulnerability include disabling the finger service entirely on systems where it is not required, implementing proper network access controls through firewalls to restrict finger protocol access, and replacing the finger service with more secure alternatives such as LDAP or modern authentication mechanisms. System administrators should also implement network segmentation to limit access to finger services to authorized networks only. The most effective long-term solution involves removing the finger daemon from system configurations and relying on secure protocols for user information access. Additionally, regular security audits should verify that finger services are disabled on systems where they pose no legitimate business function, as the protocol's inherent design flaws make it unsuitable for modern security requirements. Organizations should also consider implementing intrusion detection systems to monitor for finger protocol traffic and alert on unauthorized access attempts.