Lucene search

[email protected]CVE-1999-1475

HistorySep 12, 2001 - 4:00 a.m.

CVE-1999-1475

2001-09-1204:00:00

[email protected]

web.nvd.nist.gov

cve-1999-1475

proftpd 1.2

mod_sqlpw

wtmp log

password exposure

local user

privileges.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Affected configurations

NVD

Node

proftpd_projectproftpdMatch1.2

CPENameOperatorVersion
proftpd_project:proftpdproftpd project proftpdeq1.2

CPE	Name	Operator	Version
proftpd_project:proftpd	proftpd project proftpd	eq	1.2

References

www.securityfocus.com/archive/1/35483

www.securityfocus.com/bid/812

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVE-1999-1475

cvelist1 nvd1