Authentication Bypass in ProFTPD Server by The Vendor ProFTPD
CVE-2007-2165

Currently unrated

Key Information:

Vendor

Proftpd Project

Status
Proftpd
Vendor
CVE Published:
22 April 2007

What is CVE-2007-2165?

In ProFTPD versions prior to 20070417, a vulnerability exists within the authentication API that can be exploited when multiple simultaneous authentication modules are configured. This flaw permits attackers to bypass the authentication mechanism by utilizing different modules for checking authentication versus retrieving authentication data. For instance, an attacker could leverage SQLAuthTypes Plaintext in mod_sql while pulling user data from /etc/passwd, compromising server security. This vulnerability emphasizes the importance of ensuring that authentication checks align with the respective data retrieval methods to safeguard against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
x_refsource_MISC
http://bugs.proftpd.org/show_bug.cgi?id=2922
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=237533
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.