The IT Law Wiki


Anonymous login is

[a]n access control feature (actually, an access control vulnerability) in many Internet hosts that enables users to gain access to general-purpose or public services and resources of a host (such as allowing any user to transfer data using FTP) without having a pre-established, identity-specific account (i.e., user name and password).[1]


"This feature exposes a system to more threats than when all the users are known, pre-registered entities that are individually accountable for their actions. A user logs in using a special, publicly known user name (e.g., 'anonymous', 'guest', or 'ftp'). To use the public login name, the user is not required to know a secret password and may not be required to input anything at all except the name. In other cases, to complete the normal sequence of steps in a login protocol, the system may require the user to input a matching, publicly known password (such as 'anonymous') or may ask the user for an e-mail address or some other arbitrary character string."[2]