Description of problem: Servers can expose an Rsync service on port 873. If no hardening is done, any user with a network access to the machine will be able to access the different data exposed by the Rsync service leading to important data leak 10.91.209.251:873 open tcp rsync 10.91.205.184:873 open tcp rsync The RSync service is exposed by the two following machines: • cirp11ospctlfb201.infra.eu-muc-11.cloud.amadeus.net • cirp12ospctlfa201.infra.eu-muc-12.cloud.amadeus.net The service is unauthenticated and exposes the following directories: • accounts • containers • objects Version-Release number of selected component (if applicable): RHOSP16.2 How reproducible: Always Actual results: Bydefault VM Servers can expose an Rsync service on port 873 leading to security vulnerablity Expected results: RSYNC should be configured on some other port other than its default port Additional info:
This is duplicate of bz 2219698 . *** This bug has been marked as a duplicate of bug 2219698 ***