Password Caching Flaw in ProFTPD's mod_sqlpw Module
CVE-2001-0027

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 12 February 2001

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2001-0027?

The mod_sqlpw module in ProFTPD contains a flaw where it fails to reset a cached password when a user switches accounts using the 'user' command. This oversight enables authenticated attackers to exploit the vulnerability and potentially gain unauthorized privileges of other users, compromising the integrity and security of the affected server. Mitigating this issue requires patching the application or implementing alternative authentication measures.

References

http://archives.neohapsis.com/archives/bugtraq/2000-12/01...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/5737

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 12, 2001
Vulnerability Reserved
Feb 1, 2001

JSON