FTPd CWD Command Account Enumeration

medium Nessus Plugin ID 10082

Synopsis

The remote FTP server is vulnerable to an account-enumeration attack.

Description

It is possible to determine the existence of a user on the remote system by issuing the command CWD ~<username>.

An attacker may use this to determine whether accounts known to be vulnerable (such as guest) exist, or to determine which system you are running.

Solution

There is no known solution at this time.

Plugin Details

Severity: Medium

ID: 10082

File Name: ftp_check_user.nasl

Version: 1.27

Type: remote

Family: FTP

Published: 11/12/1999

Updated: 12/4/2013

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: ftp/anonymous