Is Debian OpenBSD ftpd secure?
Hi. I ran SAINT over my system today, and it highlighted a possible
vulnerability in the "ftpd" package. I believe this relates to
Now, access to the "anonymous" account is disabled in the /etc/ftpusers
file, which I understand leads to this:

    Name (ftp.houseofmoran.com:mm): anonymous
    331 Guest login ok, send your complete e-mail address as password.
    530 Login incorrect.

It fails even if you give a valid email address. I take it that this is
because the strategy is to not give away immediately that access is
denied, like login does with non-existent accounts?
However, SAINT still seems to pick this up as a vulnerability. Is this
just because the SAINT detection routines get fooled by the
almost-successful login, or is there actually a real vulnerability?
: ftpd 0.11-8potato.1
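
One way to check by hand what the exchange above shows, as an added example that is not part of the original post: classify an FTP login transcript by the reply to the password, not by the 331 that follows USER. The function names and the second transcript are constructed for illustration; how SAINT itself decides is not stated on this page.

```python
import re

# First line of an FTP reply (RFC 959): three digits, then "-" when more
# lines follow or " " when this line ends the reply.
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(lines):
    """Return [(code, text)] for each complete server reply in a transcript."""
    replies, pending, buf = [], None, []
    for line in lines:
        m = _REPLY.match(line)
        if pending is None:
            if not m:
                continue  # client prompt or other non-reply line
            code, sep, text = m.groups()
            if sep == "-":
                pending, buf = code, [text]  # multi-line reply opens
            else:
                replies.append((int(code), text))
        elif m and m.group(1) == pending and m.group(2) == " ":
            buf.append(m.group(3))  # same code + space closes the reply
            replies.append((int(pending), "\n".join(buf)))
            pending = None
        else:
            buf.append(line)  # body line, even if it looks like "530 ..."
    return replies

def anonymous_status(lines):
    """'enabled' only when the server answers 230 (user logged in)."""
    codes = [code for code, _ in parse_replies(lines)]
    if 230 in codes:
        return "enabled"
    if 331 in codes and 530 in codes[codes.index(331) + 1:]:
        return "refused-after-password"  # 331 was only a prompt
    return "refused" if 530 in codes else "unknown"

# Transcript quoted in the post above.
POST_SESSION = [
    "Name (ftp.houseofmoran.com:mm): anonymous",
    "331 Guest login ok, send your complete e-mail address as password.",
    "530 Login incorrect.",
]
# Constructed transcript: a server that does admit anonymous users.
CONSTRUCTED_OPEN = ["331 Guest login ok.", "230-Welcome",
                    "530 is just banner text here", "230 Guest login ok."]

if __name__ == "__main__":
    print(anonymous_status(POST_SESSION), anonymous_status(CONSTRUCTED_OPEN))
```
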