Network Penetration Testing

rlogin Service Enabled

rlogin Overview

rlogin is the predecessor to telnet and SSH. It is part of the Berkeley r-commands released in 1981. These commands are widely regarded as insecure and do not implement the security controls expected of modern systems.

rlogin vulnerabilities

Some of the most notable risks associated with rlogin include the following:

  • Communication is unencrypted, leaving sensitive information vulnerable to eavesdropping and tampering.
  • rlogin supports authentication via the .rhosts and /etc/hosts.equiv files, which may allow any user from an origin to log in without a password.
  • rlogin is considered outdated and obsolete; using such software can pose reputational risk.

Pentesting rlogin

Additionally, because of the file-based authentication, any scenario where an attacker can write to a user directory will also allow them to bypass authentication via rlogin. Remember that rlogin reads hosts.equiv as a global configuration, but also reads user-based .rhosts files for user-level authentication.

To confirm whether a user can log in via rlogin, the following command can be used:

rlogin <host> -l <username>

Consider that a single entry of + in /etc/hosts.equiv can allow anyone to log in as any user without authentication.

rlogin Risk

rlogin is widely considered high risk from both internal and external network perspectives. Although the core risks of unencrypted communication are similar to those of telnet (which may often be considered medium risk), the file-based authentication significantly elevates the risk associated with the rlogin service.

Vulnerability Remediation

It is recommended that rlogin be disabled. On Linux systems, the service can be disabled by commenting out its entry in /etc/inetd.conf.
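
To check for the risky trust-file entries and confirm the remediation, the following added example (not part of the original page) audits the contents of hosts.equiv, .rhosts and inetd.conf. It assumes the standard /etc/services names login, shell and exec, so it also covers rsh and rexec alongside rlogin; the severity labels and all sample inputs are constructed for illustration.

```python
# Added example: defensive audit of r-command trust files and inetd.conf.
R_SERVICES = {"login", "shell", "exec"}  # /etc/services names for rlogin, rsh, rexec

def audit_trust_file(text, source):
    """Flag entries in a hosts.equiv or .rhosts body; returns (source, line, severity, reason)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host, user = fields[0], (fields[1] if len(fields) > 1 else None)
        if host.startswith("-"):
            continue  # explicit deny entry, grants nothing
        if host == "+" and user in (None, "+"):
            sev, why = "critical", "wildcard '+' trusts every remote host"
        elif host == "+" or user == "+":
            sev, why = "high", "wildcard '+' in host or user field"
        else:
            sev, why = "review", f"passwordless trust granted to {host}"
        findings.append((source, lineno, sev, why))
    return findings

def audit_inetd(text):
    """Return r-command services that are still uncommented in an inetd.conf body."""
    enabled = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and line.split()[0] in R_SERVICES:
            enabled.append(line.split()[0])
    return enabled

# Constructed sample inputs (not taken from any real system).
SAMPLE_HOSTS_EQUIV = "# trusted hosts\nbuild01.example.internal\n+\n-legacy.example.internal\n"
SAMPLE_RHOSTS = "+ +\nadmin01.example.internal alice\n"
SAMPLE_INETD = (
    "#shell stream tcp nowait root /usr/sbin/tcpd in.rshd\n"
    "login stream tcp nowait root /usr/sbin/tcpd in.rlogind\n"
)

if __name__ == "__main__":
    results = audit_trust_file(SAMPLE_HOSTS_EQUIV, "/etc/hosts.equiv")
    results += audit_trust_file(SAMPLE_RHOSTS, "~/.rhosts")
    for source, lineno, sev, why in results:
        print(f"[{sev}] {source}:{lineno}: {why}")
    for service in audit_inetd(SAMPLE_INETD):
        print(f"[high] /etc/inetd.conf: '{service}' is enabled; comment it out")
```

To audit a real host, pass the text of /etc/hosts.equiv, each user's .rhosts file and /etc/inetd.conf to the two functions in place of the sample strings.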
