BlackMoon FTP Login Error Message User Enumeration

Medium Nessus Plugin ID 11648


The remote FTP server has a user enumeration vulnerability.


The version of BlackMoon FTP running on the remote host issues a special error message when a user attempts to log in using a nonexistent account.

An attacker may use this flaw to make a list of valid accounts, which can be used to mount further attacks.


Upgrade to the latest version of BlackMoon FTP.

Plugin Details

Severity: Medium

ID: 11648

File Name: blackmoon_ftp_users_enum.nasl

Version: $Revision: 1.16 $

Type: remote

Family: FTP

Published: 2003/05/27

Modified: 2015/12/23

Dependencies: 10870, 10092, 11038

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/05/20

Reference Information

CVE: CVE-2003-0343

BID: 7647

OSVDB: 12079

Secunia: 8840