*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: vsftpd
There is a bug in vsftpd daemon, which causes the system to skip asking
for a password if the username is invalid. This enables a remote user to
determine whether the enter user account names are valid or not. The bug
occurs when the user whitelisting facility is being used.
** Affects: vsftpd (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
vsftpd: discloses whether usernames are valid or not
https://bugs.launchpad.net/bugs/672328
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
