severity 509333 normal # if not wishlist thanks Hi, * Mark Hobley <[email protected]> [2008-12-21 13:42]: > Package: vsftpd > Severity: grave
Dude, please read the explanation of what grave is again. > Tags: security > Justification: user security hole > > > The vsftpd daemon discloses whether usernames supplied by the client are > valid or not. > > On connection to the server via a client, if an invalid username is > supplied, a 530 error is immediately returned, instead of a password > prompt being returned before failure. This is a quite common problem, your local login program does the same (so does pam-opie). But the issue itself is not an important security issue, downgrading. Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpFl8rzFAxbm.pgp
Description: PGP signature
