CVE-1999-1475

Description

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Affected Software
References

Software	From	Fixed in
proftpd_project / proftpd	1.2	1.2.x

http://www.securityfocus.com/archive/1/35483
http://www.securityfocus.com/bid/812

Severity: Low

CVE: CVE-1999-1475
Published: Nov 19, 1999
Updated: Apr 13, 2023
Exploit:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CVE-1999-1475

Description

Details

CVSS v2