Timing Attack on ProFTPD Server by The ProFTPD Project
CVE-2004-1602

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 15 October 2004

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2004-1602?

ProFTPD versions 1.2.8 and 1.2.10 are susceptible to a timing attack, where the server's response time varies based on whether a given username exists. This behavior allows remote attackers to exploit this time difference to enumerate valid usernames on the server. By analyzing the response times, attackers can effectively determine the legitimacy of usernames, posing a significant risk to the security and privacy of users.

References

http://securitytracker.com/id?1011687

vdb-entryx_refsource_SECTRACK

http://security.lss.hr/index.php?page=details&ID=LSS-2004...

x_refsource_MISC

http://www.securityfocus.com/bid/11430

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Feb 20, 2005
Vulnerability published
Oct 15, 2004

JSON