[Bug 672328] Re: vsftpd: discloses whether usernames are valid or not
Andy Wright
672328 at bugs.launchpad.net
Sun Feb 27 23:10:22 UTC 2011
Is your userlist_deny=NO/YES set. Could this be missing or commented
out in your configuration? Also, is your local_enable= variable set?
The security advisory only addresses disclosure of valid users and does
not allow password-less logins. I am sure a patched security update
will be provided for brute force username disclosure.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
https://bugs.launchpad.net/bugs/672328
Title:
vsftpd: discloses whether usernames are valid or not
More information about the Ubuntu-server-bugs
mailing list