CVE-1999-0651

rsh/rlogin Service - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-1999-0651. PoCs published by jduck, including Metasploit module auxiliary/scanner/rservices/rlogin_login.

AI-analyzed exploit summary This Metasploit module scans for rlogin services and performs credential brute-forcing. It connects from a privileged port and attempts authentication with provided credentials.

Description

The rsh/rlogin service is running.

Exploits (3)

metasploit SCANNER
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rservices/rlogin_login.rb

This Metasploit module scans for rlogin services and performs credential brute-forcing. It connects from a privileged port and attempts authentication with provided credentials.

Classification
Scanner 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: rlogin service
Auth required
Prerequisites: Access to privileged ports (below 1024) · Valid credentials or a credential list
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit SCANNER
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rservices/rexec_login.rb

This Metasploit module scans for rexec services and attempts authentication using brute-force techniques. It can also establish a command shell session upon successful login.

Classification
Scanner 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: rexec service
Auth required
Prerequisites: Access to bind to privileged ports (below 1024) · Network access to the target rexec service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rservices/rsh_login.rb

This Metasploit module exploits weak authentication in rsh (remote shell) services by brute-forcing user credentials and establishing a command shell session. It leverages privileged ports for authentication bypass and can spawn interactive shells on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: rsh (remote shell service)
No auth needed
Prerequisites: Access to privileged ports (<1024) · Network access to target rsh service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/2995

Scores

EPSS 0.1190
EPSS Percentile 95.6%

Details

Status published
Published Jan 01, 1999
Tracked Since Feb 18, 2026