Ok, ignore the wording of the advisory. The bug is as I described. If userlist_enable=YES then vsftpd does not ask for a password if an invalid username is entered (and therefore it is disclosed that the username is not valid). I will check the value of local_enabled, when I return to my computer next week.
Regards, Mark. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/672328 Title: vsftpd: discloses whether usernames are valid or not -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
