| VID |
16013 |
| Severity |
20 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
It is possible to determine the existence of a user on the remote system by issuing the command CWD ~<username>, like :
CWD ~adm
A cracker may use this to determine the existence of known to be vulnerable accounts (like guest) or to determine which system you are running.
* References:
http://online.securityfocus.com/bid/2564
http://cgi.nessus.org/plugins/dump.php3?id=10082 |
| Recommendation |
Inform your vendor, and ask for a patch, or change your FTP server |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
