Weak Password Encryption in NetWin SurgeFTP Affects Security
CVE-2001-1356

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgeftp
Vendor
CVE Published:
4 August 2001

What is CVE-2001-1356?

NetWin SurgeFTP 2.0f and earlier versions utilize a flawed approach to password encryption, employing weak hashing algorithms and a fixed salt value, combined with modulo 40 calculations. This design flaw exposes the administrator account to significant risks, allowing remote attackers to execute brute force password guessing attacks on port 7021. This vulnerability necessitates urgent remediation to safeguard access and ensure the integrity of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.iss.net/security_center/static/6961.php
vdb-entryx_refsource_XF
http://online.securityfocus.com/archive/1/201951
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/3157
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.