CVE-1999-1475

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Published: Nov 19, 1999
Updated: Apr 13, 2023
CVE: CVE-1999-1475
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
proftpd_project / proftpd	1.2	1.2.x

http://www.securityfocus.com/archive/1/35483
http://www.securityfocus.com/bid/812

Vulnerability Database

289,599

CVE-1999-1475