CVE-2004-1602
Published 2004-10-15
Priority: P3 · 36 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 30.68% (98.0th percentile)
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proftpd | proftpd | 1.2.0 – 1.2.10 | — |
No detection rules found.
Exploit-DB
ProFTPd 1.2.10 - Remote Users Enumeration
exploitdb·2004-10-17
---
/*
Details
Vulnerable Systems:
* ProFTPD Version 1.2.10 and below
It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at the ProFTPd login procedure. There is a very small (but significant) difference in time delay of code execution path between valid and non-valid user names. That can be used to remotely determine the difference between existent and non-existent users. The time delay can be measured by using a simple FTP client that will calculate elapsed time between 'USER' command sent by client, and the server response. Because of the very short response period, elapsed time should be measured in
Nuclei
ProFTPD 1.2.x - Username Enumeration via Timing Attack
nuclei·CVSS 5.0
ProFTPD versions 1.2.x (including 1.2.8 and 1.2.10) are vulnerable to timing attacks that allow remote attackers to distinguish valid usernames from invalid ones. The server responds in varying amounts of time when a given username exists, enabling username enumeration through response time analysis.
Template:
id: CVE-2004-1602
info:
  name: ProFTPD 1.2.x - Username Enumeration via Timing Attack
  author: pussycat0x
  severity: medium
  description: |
    ProFTPD versions 1.2.x (including 1.2.8 and 1.2.10) are vulnerable to timing attacks that allow remote attackers to distinguish valid usernames from invalid ones. The server responds in varying amounts of time when a given username exists, enabling username enumeration through response time a
No writeups or analysis indexed.
CWE
CWE-208: Observable Timing Discrepancy
mitre_cwe
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an inc
CWE
CWE-203: Observable Discrepancy
mitre_cwe
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Access
http://marc.info/?l=bugtraq&m=109786760926133&w=2
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
http://securitytracker.com/id?1011687
http://www.securityfocus.com/bid/11430
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724