5.1
CVE-2007-2165
- EPSS 12.52%
- Veröffentlicht 22.04.2007 19:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Proftpd Project ≫ Proftpd Version <= 1.3.0_rc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.52% | 0.957 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
http://bugs.proftpd.org/show_bug.cgi?id=2922
http://osvdb.org/34602
http://secunia.com/advisories/24867
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://securitytracker.com/id?1017931
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://www.securityfocus.com/bid/23546
http://www.vupen.com/english/advisories/2007/1444
https://bugzilla.redhat.com/show_bug.cgi?id=237533
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html