CVE-2004-1602

Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.2.x through 1.2.10 ProFTPD versions prior to 1.2.11

Description The issue allows remote attackers to identify valid usernames by timing the server response, as the server responds in a different amount of time when a given username exists. This can assist a remote user in enumerating usernames, determining what usernames are valid, privileged, or do not exist on the remote system.

Recommendations For ProFTPD versions 1.2.x through 1.2.10, update to version 1.2.11 or later. For ProFTPD versions prior to 1.2.11, update to version 1.2.11 or later.