CVE-1999-1475

CVSS 2.0 Score 4.6 of 10 (medium)

Details

Published Nov 19, 1999

Updated: Nov 20, 2024

Summary

CVE-1999-1475 refers to a vulnerability in ProFTPd 1.2 when using the mod_sqlpw module. This issue results in user passwords being logged in the wtmp file. Local users can exploit this vulnerability by accessing the wtmp file through the last command, thereby gaining privileges with the obtained passwords. This security flaw poses a significant risk to systems running the affected FTP server and the mod_sqlpw module. It is crucial to update the ProFTPd installation to a version that does not have this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Proftpd Project Proftpd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/LEzH1C
https://www.cve.org/CVERecord?id=CVE-1999-1475
https://nvd.nist.gov/vuln/detail/CVE-1999-1475

Back to Vulnerability Database

CVE-1999-1475

CVSS 2.0 Score 4.6 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations