Apple Filing Protocol (AFP) Guest Access Enabled
By: Richard Glaser, University of Utah
Revised: 2010-03-10 richard
What is the threat?
Apple Filing Protocol (AFP) provides "guest access" to selected files. Anyone can connect to this machine and access these files without providing a password. This function is usually intended for accessing users' DropBoxes in order to upload files.
If sensitive files are on a guest-accessible share point, unauthorized users can download them, resulting in leaks of confidential information.
How to fix this vulnerability?
To fix this vulnerability you have multiple options, such as removing "everyone" access to share points or disabling guest access on Mac OS X client and server.
Mac OS X Client
Use the following command to remove guest access on a Mac OS X 10.5/10.6 client:
defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false
Then stop and start File Sharing so that it uses the new configuration.
Next, to test whether the configuration change worked, try to connect to the Mac OS X client you modified; the login dialog should no longer offer a guest login option.

If you turn on File Sharing without making the above modification, you might see the guest login option.
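
A check for the setting above, as an added example that is not part of the original page: it reads the guestAccess key with `defaults read` and reports a finding unless guest access is explicitly disabled. The function names, and the choice to treat an unset key as a finding, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the AFP guestAccess preference written by the command above.
PLIST=/Library/Preferences/com.apple.AppleFileServer

# Map the raw text printed by `defaults read` to one of:
#   disabled | enabled | unset | unknown
classify_guest_access() {
    # Lower-case so values stored as strings (e.g. "NO", "False") also match.
    value=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$value" in
        0|false|no)  echo disabled ;;
        1|true|yes)  echo enabled ;;
        "")          echo unset ;;
        *)           echo unknown ;;
    esac
}

# Status for fleet checks: returns 0 only when guest access is explicitly off.
# An unset key counts as a finding (assumption of this example), because the
# page notes that an unmodified machine may still offer the guest login option.
guest_access_status() {
    case "$(classify_guest_access "$1")" in
        disabled) return 0 ;;
        *)        return 1 ;;
    esac
}

audit_afp_guest() {
    # `defaults read` prints 1 or 0 for booleans and fails if the key is absent.
    raw=$(defaults read "$PLIST" guestAccess 2>/dev/null) || raw=""
    state=$(classify_guest_access "$raw")
    echo "AFP guestAccess on $(hostname): $state"
    guest_access_status "$raw"
}

# Run the audit only where the Mac OS X `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_afp_guest || echo "FINDING: guest access is not explicitly disabled"
fi
```

The script only reads the preference; run it again after stopping and starting File Sharing to confirm the value that the service will use.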
