LDAP Authentication Bypass in XLight FTP Server by XLight
CVE-2008-0604

Currently unrated

Key Information:

Vendor: Xlight Ftp Server
Status: Xlight Ftp Server
Vendor: CVE Published:; 6 February 2008

🔔 Create Xlight Ftp Server Vulnerability Alert

What is CVE-2008-0604?

The XLight FTP Server, specifically versions prior to 2.83, has a vulnerability in its LDAP authentication mechanism which does not verify if a password field is left blank. This oversight allows attackers leveraging certain LDAP servers to bypass critical access restrictions, potentially leading to unauthorized access to the server.

References

http://www.xlightftpd.com/whatsnew.htm

x_refsource_CONFIRM

http://www.securityfocus.com/bid/27602

vdb-entryx_refsource_BID

http://secunia.com/advisories/28755

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 6, 2008