CVE-2004-1602

Name: CVE-2004-1602
Creator: NVD / NIST
Published: 2004-10-15T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 30.68%

Last modified Jun 16, 2026

CVE-2004-1602 is a vulnerability of currently unknown severity. ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.. EPSS estimates a 30.68% chance of exploitation in the next 30 days.

Description

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Metrics

EPSS Probability

30.68%

98.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-203

Affected Software

Vendor	Product	Versions
Proftpd	Proftpd	>= 1.2.0, <= 1.2.10

References

http://marc.info/?l=bugtraq&m=109786760926133&w=2Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02Broken Link, Exploit, Patch, Vendor Advisory
http://securitytracker.com/id?1011687Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.securityfocus.com/bid/11430Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724Third Party Advisory, VDB Entry
http://marc.info/?l=bugtraq&m=109786760926133&w=2Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02Broken Link, Exploit, Patch, Vendor Advisory
http://securitytracker.com/id?1011687Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.securityfocus.com/bid/11430Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724Third Party Advisory, VDB Entry

Timeline

Published: Oct 15, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-1602?

How severe is CVE-2004-1602?

Severity scoring for CVE-2004-1602 is pending analysis. The EPSS model estimates a 30.68% probability of exploitation in the next 30 days.

How do I fix CVE-2004-1602?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-1602?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST