[Bug 672328] [NEW] vsftpd: discloses whether usernames are valid or not
672328 at bugs.launchpad.net
Sun Nov 7 22:45:34 GMT 2010
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vsftpd
There is a bug in vsftpd daemon, which causes the system to skip asking
for a password if the username is invalid. This enables a remote user to
determine whether the enter user account names are valid or not. The bug
occurs when the user whitelisting facility is being used.
** Affects: vsftpd (Ubuntu)
** Visibility changed to: Public
vsftpd: discloses whether usernames are valid or not
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
More information about the Ubuntu-server-bugs