Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: FTP --> Category: infos

Solaris FTPd tells if a user exists Vulnerability Scan

Vulnerability Scan Summary
CWD ~root before logging in

Detailed Explanation for this Vulnerability Test

It is possible to acertain the existence of a
user on the remote system by issuing the command
CWD ~, even before logging in.

telnet target 21
CWD ~root
530 Please login with USER and PASS.

CWD ~nonexistinguser
530 Please login with USER and PASS.
550 Unknown user name after ~

A possible hacker may use this to acertain the existence of
known to be vulnerable accounts (like guest) or to
acertain which system you are running.

Solution : inform your vendor, and ask for a patch, or
change your FTP server

Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.