ID:11705 - Exploit for Observable discrepancy in ProFTPD - CVE-2004-1602

Link to public exploit:

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Remediation