AIX hosts.equiv Vulnerability

AIX hosts.equiv Vulnerability

Under certain versions of AIX, rlogind fails to perform proper authentication if particular conditions are true in the /etc/hosts.equiv file. If a hostA userA pair is mentioned in /etc/hosts.equiv. of machine hostB, then userA from hostA will be able to login as any user on hostB without a password.