Multiple Vendor Embedded FTP Service Any Username Authentication Bypass

Medium severity, Nessus Plugin ID 10990

Synopsis

A random username and password can be used to authenticate to the remote FTP server.

Description

The FTP server running on the remote host can be accessed using a random username and password. Nessus has enabled some countermeasures to prevent other plugins from reporting vulnerabilities incorrectly because of this.

Solution

Correct the FTP server's configuration so that the service handles authentication requests properly.

Plugin Details

Severity: Medium

ID: 10990

File Name: DDI_FTP_Any_User_Login.nasl

Version: 1.31

Type: remote

Family: FTP

Published: 6/5/2002

Updated: 8/9/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1/1/2002