CVE-2004-1602

N/A Unknown

Published: October 15, 2004 Modified: April 16, 2026

Description

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://marc.info/?l=bugtraq&m=109786760926133&w=2

Source: cve@mitre.org

Third Party Advisory

http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02

Source: cve@mitre.org

Broken Link Exploit Patch Vendor Advisory

http://securitytracker.com/id?1011687

Source: cve@mitre.org

Broken Link Exploit Patch Third Party Advisory VDB Entry Vendor Advisory

http://www.securityfocus.com/bid/11430

Source: cve@mitre.org

Broken Link Exploit Third Party Advisory VDB Entry Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17724

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://marc.info/?l=bugtraq&m=109786760926133&w=2