COMMAND

    ProFTPd - mod_sqlpw.c

SYSTEMS AFFECTED

    ProFTPd - mod_sqlpw.c

PROBLEM

    Todd  C.  Campbell  posted  following.   A  member  of the proftpd
    mailing list and  himself discovered a  problem with proftpd  with
    mod_sqlpw.c  optional  module  compiled  in.   Unix  last  command
    reveals passwords where the username should be.  A patch was  sent
    to  the  mailing  list,  however,  the  patch  only  protects  ftp
    localhost  not   ftp  remotehost.    Johnie   Ingram  (Author   of
    mod_sqlpw.c) was  notified, as  well as,  the rest  of the mailing
    list.

    The  WtmpLog   directive  controls   proftpd's  logging   of   ftp
    connections to the host system's wtmp file (used by such  commands
    as `last'). By default, all connections are logged via wtmp.

SOLUTION

    Following work around is suggested:

        <Global>
        Wtemplog off
        </Global>