ID |
CVE-2003-0343
|
Summary |
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.6 (as of 18-10-2016 - 02:32) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bugtraq | 20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration |
|
Last major update |
18-10-2016 - 02:32 |
Published |
21-05-2003 - 04:00 |
Last modified |
18-10-2016 - 02:32 |