[Bug 672328] Re: vsftpd: discloses whether usernames are valid or not
Mark Hobley
672328 at bugs.launchpad.net
Mon Feb 28 16:01:12 UTC 2011
Ok, ignore the wording of the advisory. The bug is as I described. If
userlist_enable=YES then vsftpd does not ask for a password if an
invalid username is entered (and therefore it is disclosed that the
username is not valid). I will check the value of local_enabled, when I
return to my computer next week.
Regards,
Mark.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
https://bugs.launchpad.net/bugs/672328
Title:
vsftpd: discloses whether usernames are valid or not
More information about the Ubuntu-server-bugs
mailing list