CVE-2003-0343

Published May 21, 2003

Last updated 8 years ago

Overview

Description: BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF82DC26-E4BC-4757-B476-60204C3A6709"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References