[Bug 672328] Re: vsftpd: discloses whether usernames are valid or not
Andy Wright
672328 at bugs.launchpad.net
Thu Mar 3 19:45:32 UTC 2011
userlist_deny
This option is examined if userlist_enable is activated. If you set this
setting to NO, then users will be denied login unless they are
explicitly listed in the file specified by userlist_file. When login is
denied, the denial is issued before the user is asked for a password.
userlist_enable
If enabled, vsftpd will load a list of usernames, from the filename
given by userlist_file. If a user tries to log in using a name in this
file, they will be denied before they are asked for a password. This may
be useful in preventing cleartext passwords being transmitted. See also
userlist_deny.
**** "If a user tries to log in using a name in this file, they will be
denied before they are asked for a password." ****
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
https://bugs.launchpad.net/bugs/672328
Title:
vsftpd: discloses whether usernames are valid or not
More information about the Ubuntu-server-bugs
mailing list