CVE-2004-1602

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://marc.info/?l=bugtraq&m=109786760926133&w=2 Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 Broken Link Exploit Patch Vendor Advisory
http://securitytracker.com/id?1011687 Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/11430 Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
History

15 Feb 2024, 18:46

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=109786760926133&w=2 - () http://marc.info/?l=bugtraq&m=109786760926133&w=2 - Third Party Advisory
References () http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Exploit, Patch, Vendor Advisory () http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Broken Link, Exploit, Patch, Vendor Advisory
References () http://securitytracker.com/id?1011687 - Exploit, Patch, Vendor Advisory () http://securitytracker.com/id?1011687 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://www.securityfocus.com/bid/11430 - Exploit, Vendor Advisory () http://www.securityfocus.com/bid/11430 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 - Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-203
CPE cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc3:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc1:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc3:*:*:*:*:*:*:*		 cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
First Time Proftpd
Proftpd proftpd
Information

Published : 2004-10-15 04:00

Updated : 2024-02-15 18:46

NVD link : CVE-2004-1602

Mitre link : CVE-2004-1602

CVE.ORG link : CVE-2004-1602

JSON object : View

Products Affected

proftpd

  • proftpd
CWE
CWE-203

Observable Discrepancy