CVE-2004-1602

NUCLEI

Proftpd < 1.2.10 - Information Disclosure

Title source: rule

Description

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Leon Juranic · cremotelinux

https://www.exploit-db.com/exploits/581

View Code ZIP pw:eip

Nuclei Templates (1)

ProFTPD 1.2.x - Username Enumeration via Timing Attack

MEDIUMVERIFIEDby pussycat0x

Shodan: product:"proftpd" || cpe:"cpe:2.3:a:proftpd:proftpd"

References (5)

[Third Party Advisory] http://marc.info/?l=bugtraq&m=109786760926133&w=2

[Broken Link, Exploit, Patch, Vendor Advisory] http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://securitytracker.com/id?1011687

[Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/11430

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17724

Scores

EPSS 0.0078

EPSS Percentile 73.7%

Details

CWE

CWE-203

Status published

Products (1)

proftpd/proftpd 1.2.0 - 1.2.10

Published Oct 15, 2004

Tracked Since Feb 18, 2026