PT-2005-5338 · Ioftpd · Ioftpd
Published
2005-12-31
·
Updated
2008-09-05
·
CVE-2005-4673
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ioFTPD version 0.5.84 u
Description
The issue allows remote attackers to enumerate valid usernames by analyzing different response messages from the software, depending on whether a username exists or not.
Recommendations
For ioFTPD version 0.5.84 u, consider modifying the response mechanism to prevent differentiation in messages based on username existence, thereby mitigating the risk of username enumeration.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ioftpd