CVE-2004-1602 Information

Description

ProFTPD 1.2.x including 1.2.8 and 1.2.10 responds in a different amount of time when a given username exists which allows remote attackers to identify valid usernames by timing the server response.

Reference

http://marc.info/?l=bugtraq&m=109786760926133&w=2 http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 http://securitytracker.com/id?1011687 http://www.securityfocus.com/bid/11430 https://exchange.xforce.ibmcloud.com/vulnerabilities/17724