[Bug 672328] Re: vsftpd: discloses whether usernames are valid or not

Andy Wright 672328 at bugs.launchpad.net
Thu Mar 3 19:45:32 UTC 2011


userlist_deny

This option is examined if userlist_enable is activated. If you set this
setting to NO, then users will be denied login unless they are
explicitly listed in the file specified by userlist_file. When login is
denied, the denial is issued before the user is asked for a password.

userlist_enable

If enabled, vsftpd will load a list of usernames, from the filename
given by userlist_file. If a user tries to log in using a name in this
file, they will be denied before they are asked for a password. This may
be useful in preventing cleartext passwords being transmitted. See also
userlist_deny.

**** "If a user tries to log in using a name in this file, they will be
denied before they are asked for a password." ****

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.
https://bugs.launchpad.net/bugs/672328

Title:
  vsftpd: discloses whether usernames are valid or not



More information about the Ubuntu-server-bugs mailing list