Weak Password Encryption in NetWin SurgeFTP Affects Security
CVE-2001-1356
Currently unrated
What is CVE-2001-1356?
NetWin SurgeFTP 2.0f and earlier encrypt passwords using weak hashing algorithms, a fixed salt value, and modulo 40 calculations. This design flaw exposes the administrator account, allowing remote attackers to conduct brute-force password guessing attacks on port 7021. Affected installations need urgent remediation to protect access and the integrity of sensitive data.