*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: vsftpd There is a bug in vsftpd daemon, which causes the system to skip asking for a password if the username is invalid. This enables a remote user to determine whether the enter user account names are valid or not. The bug occurs when the user whitelisting facility is being used. ** Affects: vsftpd (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- vsftpd: discloses whether usernames are valid or not https://bugs.launchpad.net/bugs/672328 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vsftpd in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs