Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2004-1602

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

  • Published: Oct 15, 2004
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-1602
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
proftpd / proftpd 1.2.0 1.2.10.x