[Bug 672328] Re: vsftpd: discloses whether usernames are valid or not
Andy Wright
672328 at bugs.launchpad.net
Sun Feb 27 23:33:49 UTC 2011
This does not allow for non password user authentication. The security,
or rather bug in question allows for brute force user name disclosure
and therefor a new bug report should be made and this ticket closed as
this description states falsely that "causes the system to skip asking
for a password if the username is invalid".
** Changed in: vsftpd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
https://bugs.launchpad.net/bugs/672328
Title:
vsftpd: discloses whether usernames are valid or not
More information about the Ubuntu-server-bugs
mailing list