CVE-2003-0343 - BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "

CVE-2003-0343

Summary

BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.

References

http://marc.info/?l=bugtraq&m=105353283720837&w=2

Vulnerable Configurations

cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq

20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration

Last major update

18-10-2016 - 02:32

Published

21-05-2003 - 04:00

Last modified

18-10-2016 - 02:32