Vulnerabilities > CVE-2004-1602 - Information Exposure Through Discrepancy vulnerability in Proftpd
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 35 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ProFTPD. CVE-2004-1602. Remote exploit for linux platform |
| id | EDB-ID:581 |
| last seen | 2016-01-31 |
| modified | 2004-10-17 |
| published | 2004-10-17 |
| reporter | Leon Juranic |
| source | https://www.exploit-db.com/download/581/ |
| title | ProFTPD <= 1.2.10 - Remote Users Enumeration Exploit |
Nessus
| NASL family | FTP |
| NASL id | PROFTPD_USER_ENUM.NASL |
| description | The remote ProFTPd server is as old or older than 1.2.10 It is possible to determine which user names are valid on the remote host based on timing analysis attack of the login procedure. An attacker may use this flaw to set up a list of valid usernames for a more efficient brute-force attack against the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15484 |
| published | 2004-10-17 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15484 |
| title | ProFTPD Login Timing Account Name Enumeration |