Observable Discrepancy

CVE-2004-1602

Medium

5/10

Summary

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-203 - Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

Advisory Timeline

Published Oct 15, 2004

Observable Discrepancy

CVE-2004-1602

Summary

CWE-203 - Observable Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS