Originally Published: Sunday, 21 November 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

More proftpd issues

"A member of the proftpd mailing list and myself discovered a problem with proftpd with mod_sqlpw.c optional module compiled in. Unix last command reveals passwords where the username should be. A patch was sent to the mailing list, however, the patch only protects ftp localhost not ftp remotehost."