CVE-2004-1428
ArGoSoft FTP < 1.4.2.1 - Username Enumeration via Error Message
Title source: llmDescription
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18721
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1012744
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13063
Broken Link, URL Repurposed x_refsource_misc
http://www.lovebug.org/argosoft_advisory.txt
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12139
Broken Link x_refsource_confirm
http://www.argosoft.com/ftpserver/changelist.aspx
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110451582011666&w=2
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/11335
Scores
EPSS
0.0284
EPSS Percentile
84.8%
Details
CWE
CWE-203
Status
published
Products (1)
argosoft/ftp_server
< 1.4.2.1
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026