CVE-2004-1602

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=109786760926133&w=2	Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02	Broken Link Exploit Patch Vendor Advisory
http://securitytracker.com/id?1011687	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/11430	Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724	Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=109786760926133&w=2	Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02	Broken Link Exploit Patch Vendor Advisory
http://securitytracker.com/id?1011687	Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory
http://www.securityfocus.com/bid/11430	Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:51

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=109786760926133&w=2 - Third Party Advisory~~	() http://marc.info/?l=bugtraq&m=109786760926133&w=2 - Third Party Advisory
References	~~() http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Broken Link, Exploit, Patch, Vendor Advisory~~	() http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Broken Link, Exploit, Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1011687 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory~~	() http://securitytracker.com/id?1011687 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/11430 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory~~	() http://www.securityfocus.com/bid/11430 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 - Third Party Advisory, VDB Entry

15 Feb 2024, 18:46

Type	Values Removed	Values Added
First Time		Proftpd Proftpd proftpd
CWE	~~NVD-CWE-Other~~	CWE-203
CPE	cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.4:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.9:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.6:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.7:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.5:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.3:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.8:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:::::::* cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:::::::*	cpe:2.3:a:proftpd:proftpd::::::::
References	~~(SECTRACK) http://securitytracker.com/id?1011687 - Exploit, Patch, Vendor Advisory~~	(SECTRACK) http://securitytracker.com/id?1011687 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~(MISC) http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Exploit, Patch, Vendor Advisory~~	(MISC) http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 - Broken Link, Exploit, Patch, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/11430 - Exploit, Vendor Advisory~~	(BID) http://www.securityfocus.com/bid/11430 - Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=109786760926133&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=109786760926133&w=2 - Third Party Advisory
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 - Third Party Advisory, VDB Entry

Information

Published : 2004-10-15 04:00

Updated : 2024-11-20 23:51

NVD link : CVE-2004-1602

Mitre link : CVE-2004-1602

CVE.ORG link : CVE-2004-1602

JSON object : View

Products Affected

proftpd

proftpd

CWE

CWE-203

Observable Discrepancy

5.0 /10