Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1602

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1602
Last Modified 05 Sep 2008 04:41:50
Published 15 Oct 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1602

Summary

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Vulnerable Systems

Application

  • Proftpd Project Proftpd 1.2

  • Proftpd Project Proftpd 1.2 Pre1

  • Proftpd Project Proftpd 1.2 Pre10

  • Proftpd Project Proftpd 1.2 Pre11

  • Proftpd Project Proftpd 1.2 Pre2

  • Proftpd Project Proftpd 1.2 Pre3

  • Proftpd Project Proftpd 1.2 Pre4

  • Proftpd Project Proftpd 1.2 Pre5

  • Proftpd Project Proftpd 1.2 Pre6

  • Proftpd Project Proftpd 1.2 Pre7

  • Proftpd Project Proftpd 1.2 Pre8

  • Proftpd Project Proftpd 1.2 Pre9

  • Proftpd Project Proftpd 1.2.0 Rc1

  • Proftpd Project Proftpd 1.2.0 Rc2

  • Proftpd Project Proftpd 1.2.0 Rc3

  • Proftpd Project Proftpd 1.2.1

  • Proftpd Project Proftpd 1.2.2

  • Proftpd Project Proftpd 1.2.2 Rc1

  • Proftpd Project Proftpd 1.2.2 Rc3

  • Proftpd Project Proftpd 1.2.3

  • Proftpd Project Proftpd 1.2.4

  • Proftpd Project Proftpd 1.2.5

  • Proftpd Project Proftpd 1.2.5 Rc1

  • Proftpd Project Proftpd 1.2.6

  • Proftpd Project Proftpd 1.2.7

  • Proftpd Project Proftpd 1.2.7 Rc1

  • Proftpd Project Proftpd 1.2.7 Rc2

  • Proftpd Project Proftpd 1.2.7 Rc3

  • Proftpd Project Proftpd 1.2.8

  • Proftpd Project Proftpd 1.2.8 Rc1

  • Proftpd Project Proftpd 1.2.8 Rc2

  • Proftpd Project Proftpd 1.2.9

  • Proftpd Project Proftpd 1.2.9 Rc1

  • Proftpd Project Proftpd 1.2.9 Rc2

  • Proftpd Project Proftpd 1.2.9 Rc3


References

SECTRACK - 1011687

MISC - http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02

BUGTRAQ - 20041015 ProFTPD 1.2.x remote users enumeration bug

XF - proftpd-info-disclosure(17724)

BID - 11430


Last Updated: 27 May 2016 10:39:06