CVE-2004-1428 - Information Exposure Through Discrepancy vulnerability in Argosoft FTP Server 1.2.2.2
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | FTP |
NASL id | ARGOSOFT_USER_DISCLOSURE.NASL |
description | The remote host is running the ArGoSoft FTP Server. The remote version of this software returns different error messages when a user attempts to log in using a nonexistent username or a bad password. An attacker may exploit this flaw to launch a dictionary attack against the remote host in order to obtain a list of valid user names. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16094 |
published | 2005-01-03 |
reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/16094 |
title | ArGoSoft FTP Server USER Command Account Enumeration |
References
- http://www.lovebug.org/argosoft_advisory.txt
- http://www.securityfocus.com/bid/12139
- http://www.argosoft.com/ftpserver/changelist.aspx
- http://www.osvdb.org/11335
- http://securitytracker.com/id?1012744
- http://secunia.com/advisories/13063
- http://marc.info/?l=bugtraq&m=110451582011666&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18721