2 matches found
CVE-2004-1602
ProFTPD 1.2.x (including 1.2.8 and 1.2.10) is vulnerable to username enumeration via timing differences in responses, enabling remote attackers to identify valid usernames. Root cause: timing-based information disclosure in login handling. Affected products: ProFTPD before 1.2.11. Impact: partial...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...