Package: proftpd Version: 1.2.10-9 Severity: normal Tags: security proftpd is reported to be vulnerable to a timing attack. Small differences in the amount of time it takes to respond to authentication as various user names can be analysed to determine which users exist. This is CAN-2004-1602; more info here: http://marc.theaimsgroup.com/?l=bugtraq&m=109786760926133&w=2
Proof of concept code exists, but I have not tried it. -- see shy jo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
