Main Vulnerability Database SB2024021556

SB2024021556 - Observable discrepancy in ProFTPD

Published: February 15, 2024 Updated: June 23, 2025

Security Bulletin ID SB2024021556

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Observable discrepancy (CVE-ID: CVE-2004-1602)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Remediation

Install update from vendor's website.

References

http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
http://www.securityfocus.com/bid/11430
http://securitytracker.com/id?1011687
http://marc.info/?l=bugtraq&m=109786760926133&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724