CVE Vulnerabilities

CVE-2004-1602

Published: Oct 15, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Affected Software

Name Vendor Start Version End Version
Proftpd Proftpd_project 1.2 1.2
Proftpd Proftpd_project 1.2.0_rc1 1.2.0_rc1
Proftpd Proftpd_project 1.2.0_rc2 1.2.0_rc2
Proftpd Proftpd_project 1.2.0_rc3 1.2.0_rc3
Proftpd Proftpd_project 1.2.1 1.2.1
Proftpd Proftpd_project 1.2.2 1.2.2
Proftpd Proftpd_project 1.2.2_rc1 1.2.2_rc1
Proftpd Proftpd_project 1.2.2_rc3 1.2.2_rc3
Proftpd Proftpd_project 1.2.3 1.2.3
Proftpd Proftpd_project 1.2.4 1.2.4
Proftpd Proftpd_project 1.2.5 1.2.5
Proftpd Proftpd_project 1.2.5_rc1 1.2.5_rc1
Proftpd Proftpd_project 1.2.6 1.2.6
Proftpd Proftpd_project 1.2.7 1.2.7
Proftpd Proftpd_project 1.2.7_rc1 1.2.7_rc1
Proftpd Proftpd_project 1.2.7_rc2 1.2.7_rc2
Proftpd Proftpd_project 1.2.7_rc3 1.2.7_rc3
Proftpd Proftpd_project 1.2.8 1.2.8
Proftpd Proftpd_project 1.2.8_rc1 1.2.8_rc1
Proftpd Proftpd_project 1.2.8_rc2 1.2.8_rc2
Proftpd Proftpd_project 1.2.9 1.2.9
Proftpd Proftpd_project 1.2.9_rc1 1.2.9_rc1
Proftpd Proftpd_project 1.2.9_rc2 1.2.9_rc2
Proftpd Proftpd_project 1.2.9_rc3 1.2.9_rc3
Proftpd Proftpd_project 1.2_pre1 1.2_pre1
Proftpd Proftpd_project 1.2_pre2 1.2_pre2
Proftpd Proftpd_project 1.2_pre3 1.2_pre3
Proftpd Proftpd_project 1.2_pre4 1.2_pre4
Proftpd Proftpd_project 1.2_pre5 1.2_pre5
Proftpd Proftpd_project 1.2_pre6 1.2_pre6
Proftpd Proftpd_project 1.2_pre7 1.2_pre7
Proftpd Proftpd_project 1.2_pre8 1.2_pre8
Proftpd Proftpd_project 1.2_pre9 1.2_pre9
Proftpd Proftpd_project 1.2_pre10 1.2_pre10
Proftpd Proftpd_project 1.2_pre11 1.2_pre11

References