VID |
14074 |
Severity |
20 |
Port |
22 |
Protocol |
TCP |
Class |
LSC |
Detailed Description |
Session timeout is not set on the host system. If an account is left unattended after login, it can be used for malicious purposes. A session timeout should therefore be set, which forces the system to disconnect the user if no activity occurs within a certain time.
* Platforms Affected: UNIX, Linux |
Recommendation |
Set the session timeout as follows:
Open /etc/profile and add the following 2 lines:
TMOUT=600
export TMOUT
* On some Solaris systems, open /etc/default/login and add the following line:
TIMEOUT=600
* If a TIMEOUT setting exists in /etc/profile or /etc/default/login on a Solaris system, SECUI SCAN does not judge the system vulnerable. |
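The recommendation above can be verified on a host with a small audit function. This is an added example, not part of SECUI SCAN or the original entry: the function name `check_tmout` and its status words are assumptions, the default limit of 600 seconds is the value the entry uses, and comment stripping is deliberately simple (everything after `#` is ignored).

```shell
#!/bin/sh
# Added example: audit a profile-style file for the TMOUT lines recommended above.
# check_tmout and its status words are names chosen for this example.
#
# Usage: check_tmout FILE [MAX_SECONDS]   (MAX defaults to the entry's 600)
# Prints one status word and returns 0 only for "ok".
check_tmout() {
    file=$1
    max=${2:-600}
    [ -r "$file" ] || { echo "unreadable"; return 2; }

    # Drop comments and split "a; b" into separate statements.
    stmts=$(sed -e 's/#.*//' "$file" | tr ';' '\n')

    # The last numeric assignment wins when the file is sourced.
    value=$(printf '%s\n' "$stmts" |
        sed -n -E 's/^[[:space:]]*((export|readonly)[[:space:]]+)?TMOUT=([0-9]+)[[:space:]]*$/\3/p' |
        tail -n 1)

    # Commented-out or absent setting.
    if [ -z "$value" ]; then echo "missing"; return 1; fi
    # bash treats TMOUT=0 as "no timeout", so the line exists but does nothing.
    if [ "$value" -eq 0 ]; then echo "disabled"; return 1; fi
    if [ "$value" -gt "$max" ]; then echo "too-long"; return 1; fi

    # The entry asks for both lines; without export, child shells do not inherit it.
    if ! printf '%s\n' "$stmts" |
        grep -Eq '^[[:space:]]*export[[:space:]]+([^[:space:]]+[[:space:]]+)*TMOUT(=|[[:space:]]|$)'
    then
        echo "not-exported"; return 1
    fi
    echo "ok"
}

# Constructed sample input: a profile fragment with the two recommended lines.
sample=$(mktemp)
printf '%s\n' '# session timeout' 'TMOUT=600' 'export TMOUT' > "$sample"
check_tmout "$sample" || true
rm -f "$sample"
```

The function covers only the `TMOUT` form for /etc/profile; the Solaris `TIMEOUT` line in /etc/default/login is not examined.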