5.1

CVE-2007-2165

EPSS 2.15%
Published 22.04.2007 19:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Proftpd Project ≫ Proftpd Version <= 1.3.0_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.15%	0.835

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255

Vendor Advisory

http://bugs.proftpd.org/show_bug.cgi?id=2922

Patch

http://osvdb.org/34602

http://secunia.com/advisories/24867

Vendor Advisory

http://secunia.com/advisories/25724

http://secunia.com/advisories/27516

http://securitytracker.com/id?1017931

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:130

http://www.securityfocus.com/bid/23546

http://www.vupen.com/english/advisories/2007/1444

https://bugzilla.redhat.com/show_bug.cgi?id=237533

https://exchange.xforce.ibmcloud.com/vulnerabilities/33733

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html

https://nvd.nist.gov/vuln/detail/CVE-2007-2165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2165

EUVD