Rlogin service running

Description

The rlogin service (tcp/513) is running on this host. Rlogin lets a user log in to another host over the network as if seated at its console. It predates any notion of network-level authentication and has several serious security problems:

  • Everything, including passwords and the whole interactive session, is transmitted in clear text, so anyone on the network path can capture it.
  • Trust is configured in ~/.rhosts (per user) and /etc/hosts.equiv (system-wide), and these files are easy to misuse: a single "+" entry grants password-less login to any user from any host. For this reason many corporate system administrators prohibit .rhosts files outright and actively search their networks for offenders.
  • The protocol has no way to authenticate the peer host. The server accepts the client-supplied local user name, treats a privileged source port (below 1024) as proof that the client runs as root and therefore reported that name honestly, and identifies the client host only by its source address and the reverse-DNS name derived from it. Anyone with root on any machine, or able to spoof the source address or its name lookup, can satisfy these checks, since nothing verifies that the connection really comes from the trusted machine or from its genuine rlogin client.
  • The common practice of mounting users' home directories via NFS exposes rlogin to planted .rhosts files: whoever can write to the export (NFS's default AUTH_SYS credentials are just client-asserted UIDs) can drop a .rhosts file into a victim's home directory and log in as that user. Every one of NFS's (legion) security faults thus automatically becomes an rlogin fault.

Remediation

If you are not using this service, disable it: comment out the login/rlogin entry in inetd.conf (or set "disable = yes" in the xinetd service file) and reload the daemon, then delete any ~/.rhosts and /etc/hosts.equiv trust entries so they cannot be inherited by a later re-enablement. Otherwise, replace it with SSH, which encrypts the session and authenticates the server by its host key; older OpenSSH releases shipped slogin as an alias for ssh, so the rlogin-style invocation is simply "ssh user@host". Do not carry .rhosts trust over to SSH by copying it into .shosts; if host-to-host trust is genuinely required, SSH's HostbasedAuthentication at least verifies the client host by its host key rather than by source address and port.
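The following script is an added example that serves both the .rhosts point in the Description and the Remediation above; it is not scanner or vendor code. It audits a host for the rlogin listener and for over-broad trust entries, then comments the service out of inetd.conf. It assumes the classic inetd.conf layout ("login stream tcp ..."), xinetd drop-ins that use "disable = yes/no", and trust files in the traditional "host [user]" format where "+" is a wildcard and a leading "-" denies. The sample inetd.conf and .rhosts files are constructed inside the script so it runs offline; point the functions at /etc/inetd.conf and /home on a real host.

```shell
#!/bin/sh
# rlogin audit and remediation helper (added example, not from the advisory).
# Assumptions: inetd.conf in the classic "service type proto ..." layout,
# xinetd files with "disable = ...", trust files as "host [user]" lines.

# 1. Is the rlogin listener configured? inetd names the service "login"
#    (tcp/513); some systems use "rlogin". Exit 0 if an active line exists.
inetd_rlogin_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -Eq '^[[:space:]]*(login|rlogin)[[:space:]]+stream[[:space:]]+tcp' "$conf"
}

# xinetd variant: a service file counts as enabled unless it says "disable = yes".
xinetd_rlogin_enabled() {
    svc="$1"
    [ -r "$svc" ] || return 1
    ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$svc"
}

# 2. Live check (Linux iproute2): print any socket listening on tcp/513.
rlogin_listening() {
    ss -ltn 2>/dev/null | awk '$4 ~ /:513$/'
}

# 3. Flag trust entries that grant password-less login too widely.
#    Prints "SEVERITY<TAB>entry" per risky line; exit 0 if any were found.
rhosts_findings() {
    file="$1"
    [ -r "$file" ] || return 1
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }          # comments and blank lines
        {
            host = $1; user = (NF >= 2) ? $2 : ""
            if (host ~ /^-/ || user ~ /^-/) { next }  # explicit deny entry
            if (host == "+")   { print "CRITICAL\t" $0; n++; next }  # any host at all
            if (user == "+")   { print "HIGH\t" $0;     n++; next }  # any user on that host
            if (host ~ /^\+@/) { print "MEDIUM\t" $0;   n++; next }  # every host in a netgroup
        }
        END { if (n > 0) exit 0; exit 1 }
    ' "$file"
}

# 4. Locate every per-user trust file below a home-directory root
#    (NFS-mounted homes included: that is where planted files turn up).
find_rhosts_files() {
    find "$1" -maxdepth 2 -type f -name .rhosts 2>/dev/null | sort
}

# 5. Remediate: comment the inetd line(s) out rather than deleting them so the
#    change shows in diffs; reload inetd afterwards (kill -HUP or a service restart).
disable_inetd_rlogin() {
    conf="$1"
    sed -E 's/^([[:space:]]*(login|rlogin)[[:space:]]+stream[[:space:]]+tcp)/#\1/' "$conf" > "$conf.tmp" &&
        mv "$conf.tmp" "$conf"
}

# Constructed sample data so the script runs offline; prints the directory path.
make_samples() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob"
    printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.ftpd\nlogin\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.rlogind\n' > "$d/inetd.conf"
    printf '# alice trusts one admin box, then everything\nadmin.example.net alice\n+ +\n' > "$d/home/alice/.rhosts"
    printf 'build.example.net +\n+@devhosts bob\nbad.example.net -mallory\n' > "$d/home/bob/.rhosts"
    printf '# empty hosts.equiv\n' > "$d/hosts.equiv"
    echo "$d"
}

# Demo run against the constructed files.
S=$(make_samples)
if inetd_rlogin_enabled "$S/inetd.conf"; then echo "rlogin enabled in $S/inetd.conf"; fi
for f in $(find_rhosts_files "$S/home") "$S/hosts.equiv"; do
    rhosts_findings "$f" | sed "s|^|$f: |"
done
disable_inetd_rlogin "$S/inetd.conf"
inetd_rlogin_enabled "$S/inetd.conf" || echo "rlogin now disabled in $S/inetd.conf"
rm -rf "$S"
```

The severity tiers mirror how the trust file is read: a "+" host field means any machine, a "+" user field means any account on the named machine, and a netgroup opens the file to every member host. Deny entries (leading "-") are skipped because they narrow trust rather than widen it. On a real host, run rlogin_listening first; a listener with no inetd entry points at a standalone rlogind or an xinetd drop-in, which xinetd_rlogin_enabled checks.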

References