PT-1999-1730 · Proftpd · Proftpd

Published: 1999-11-19 · Updated: 2008-09-05 · CVE-1999-1475

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ProFTPd version 1.2
Description: When ProFTPd is compiled with the mod_sqlpw module, it records user passwords in the wtmp log file. Local users can read wtmp, for example via the last command, to obtain those passwords and gain privileges.
Recommendations: For ProFTPd version 1.2, consider disabling the mod_sqlpw module until a more permanent solution is available, so that passwords are not recorded in the wtmp log file. Restrict access to the wtmp log file to minimize the risk of password exposure.
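
One way to audit a host for the exposure described above, added here as an example (it is not ProFTPd code). It assumes the Linux glibc 384-byte utmp record layout, that the FTP daemon's records carry a line field starting with `ftpd`, and that a user field matching no known account deserves review; the function names and sample records are constructed for illustration.

```python
import os
import stat
import struct

# Assumption: Linux glibc struct utmp, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of a login record

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("latin-1")

def world_readable(mode):
    """True if 'other' can read the file, i.e. any local user can run last on it."""
    return bool(mode & stat.S_IROTH)

def suspect_ftp_records(data, known_users, line_prefix="ftpd"):
    """Return (line, host, epoch) for FTP login records whose user field is not
    a known account name (heuristic). The field value itself is left out so the
    report does not repeat a possible password."""
    hits = []
    for off in range(0, len(data) - len(data) % UTMP.size, UTMP.size):
        f = UTMP.unpack_from(data, off)
        ut_type, line, user, host, when = f[0], _text(f[2]), _text(f[4]), _text(f[5]), f[9]
        if ut_type == USER_PROCESS and line.startswith(line_prefix) and user not in known_users:
            hits.append((line, host, when))
    return hits

def audit(path, known_users):
    """Check one wtmp file: (is it world-readable, list of suspect FTP records)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return world_readable(os.stat(path).st_mode), suspect_ftp_records(data, known_users)

def sample_record(line, user, host, when, ut_type=USER_PROCESS):
    """Build one constructed wtmp record for demonstration."""
    return UTMP.pack(ut_type, 1234, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, when, 0, 0, 0, 0, 0, b"")

# Constructed sample data, not taken from a real system.
SAMPLE = (sample_record("ftpd1234", "alice", "10.0.0.5", 943000000)
          + sample_record("ftpd1240", "S3cr3t-constructed", "10.0.0.6", 943000100)
          + sample_record("pts/0", "bob", "10.0.0.7", 943000200))

if __name__ == "__main__":
    print(suspect_ftp_records(SAMPLE, {"alice", "bob"}))
```

On a real host, call `audit()` with the wtmp path and the set of valid account names (including the anonymous FTP account, if used); rotated wtmp files need the same check.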

Related Identifiers

CVE-1999-1475

Affected Products

Proftpd