** Changed in: vsftpd (Debian)
Status: New => Invalid
** Changed in: vsftpd (Ubuntu)
Status: Invalid => Opinion
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/672328
Title:
vsftpd: dis
This is something you should bring up to the VSFTPD development team as
this is not an Ubuntu bug. A VSFTPD mailing list perhaps, or an e-mail
to a project code contributor would be appropriate for your concerns.
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
userlist_deny
This option is examined if userlist_enable is activated. If you set this
setting to NO, then users will be denied login unless they are
explicitly listed in the file specified by userlist_file. When login is
denied, the denial is issued before the user is asked for a password.
userl
I also want to take notice to the issue date of the vulnerability:
Updated: Jul 6 2008
Original Entry Date: Jan 7 2004
I changed the ticket status to 'invalid' and it should be closed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
This does not allow for non password user authentication. The security,
or rather bug in question allows for brute force user name disclosure
and therefor a new bug report should be made and this ticket closed as
this description states falsely that "causes the system to skip asking
for a password
Is your userlist_deny=NO/YES set. Could this be missing or commented
out in your configuration? Also, is your local_enable= variable set?
The security advisory only addresses disclosure of valid users and does
not allow password-less logins. I am sure a patched security update
will be provided