Port 79 – FINGER (Finger Protocol)

Service: finger

Protocol: TCP

Port: 79

Used for: User information lookup service

Why It’s Open

Port 79 runs the Finger protocol, a legacy service that provides information about users logged into a Unix system. It can reveal usernames, login times, real names, home directories, and sometimes shell information. While largely obsolete, some systems still run finger for compatibility or monitoring purposes.

Common Risks

  • User enumeration
    Reveals valid usernames for brute-force attacks
  • Information disclosure
    Exposes user details like real names and login patterns
  • Social engineering data
    Provides intelligence for targeted phishing attacks
  • System reconnaissance
    Reveals OS type, system activity, and user behavior
  • Privacy violations
    Exposes when users are active and their habits
  • Lateral movement intel
    Helps map user accounts across network systems

Enumeration & Testing

In the commands below, <target> is a placeholder for the host under test.

Service Detection:

    nmap -sV -p 79 <target>

User Enumeration:

    finger @<target>

Specific User Query:

    finger admin@<target>

Manual Connection:

    nc <target> 79

What to Look For

Checkpoint | What it means
User list responses | Valid usernames that can be targeted for attacks
Login time information | Activity patterns revealing operational schedules
Real name disclosure | Personal information for social engineering
Home directory paths | File system structure and naming conventions
Shell information | User privilege levels and system capabilities

Mitigation

  • Disable finger service
    Remove fingerd daemon from system startup
  • Firewall restrictions
    Block port 79 access from untrusted networks
  • TCP wrappers
    Use hosts.allow/hosts.deny for access control
  • Monitor finger queries
    Log and alert on enumeration attempts
  • User information minimization
    Limit exposed user details in system configuration
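
One way to implement the "Monitor finger queries" item, as an added example that is not from the original page: it classifies query lines by their RFC 1288 form and flags sources that request the user list, ask for forwarding, or probe many distinct usernames. The record format (source IP plus raw query line), the threshold, the function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (source IP, raw query line) pairs as a sensor or logging
# wrapper in front of fingerd might record them. Not real traffic.
SAMPLE = [
    ("192.0.2.10", "\r\n"),
    ("192.0.2.10", "root\r\n"),
    ("192.0.2.10", "admin\r\n"),
    ("192.0.2.10", "/W oracle\r\n"),
    ("192.0.2.10", "backup\r\n"),
    ("198.51.100.7", "alice\r\n"),
    ("203.0.113.5", "bob@inner.example\r\n"),
]

def classify(raw):
    """Classify one RFC 1288 query line; returns (kind, username or None)."""
    q = raw.strip()
    parts = q.split(None, 1)
    if parts and parts[0].upper() == "/W":   # /W only requests verbose output
        q = parts[1].strip() if len(parts) > 1 else ""
    if not q:
        return ("list", None)                # empty query: list logged-in users
    if "@" in q:                             # user@host: relay through this host
        return ("forward", q.split("@", 1)[0] or None)
    return ("user", q)

def detect(records, max_users=3):
    """Return {source: sorted reasons} for sources that look like enumeration."""
    users, reasons = defaultdict(set), defaultdict(set)
    for src, raw in records:
        kind, name = classify(raw)
        if kind == "list":
            reasons[src].add("user-list query")
        elif kind == "forward":
            reasons[src].add("forwarding query")
        if name:
            users[src].add(name.lower())
    for src, names in users.items():
        if len(names) > max_users:           # assumed threshold, tune per site
            reasons[src].add("many distinct usernames")
    return {src: sorted(r) for src, r in reasons.items()}

if __name__ == "__main__":
    for src, why in detect(SAMPLE).items():
        print(f"ALERT {src}: {', '.join(why)}")
```
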

TL;DR

  • Port 79 = Finger Protocol user information service
  • Legacy service that reveals sensitive user details
  • High reconnaissance value for attackers planning targeted attacks
  • Should be disabled unless absolutely necessary for operations

Known CVEs and Exploits

  • Morris Worm (1988) – Buffer overflow in fingerd leading to remote code execution
  • CVE-1999-0612 – Buffer overflow in various fingerd implementations
  • CVE-2003-0805 – Format string vulnerability in GNU finger