ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote malicious users to identify valid usernames by timing the server response.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
proftpd proftpd |