Improper Certificate Revocation Check in ProFTPD by ProFTPD Project
CVE-2019-19271
7.5 HIGH
What is CVE-2019-19271?
A vulnerability exists in ProFTPD that affects the tls_verify_crl function. An incorrectly handled iteration variable during the client certificate verification process may result in certain Certificate Revocation List (CRL) entries being ignored. This flaw can potentially permit clients with revoked certificates to establish a connection to the server, posing a significant risk to the system's integrity and security. System administrators should ensure they are using versions after 1.3.6 to mitigate this issue.
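As an added illustration (not ProFTPD's source code), the C sketch below models one way a mishandled iteration variable can cause CRL entries to be skipped: an inner loop that reuses the outer loop's index. The struct, the function names, the serial numbers and the nested-loop shape are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model (an assumption, not ProFTPD's data structures):
 * each CRL is reduced to a list of revoked serial numbers. */
struct crl {
    const unsigned long *serials;
    size_t n;
};

/* Flawed form: the inner loop reuses the outer index, so after the first
 * CRL is scanned the outer loop resumes from the wrong position. */
int is_revoked_flawed(const struct crl *crls, size_t ncrls, unsigned long serial)
{
    size_t i;
    for (i = 0; i < ncrls; i++) {
        const struct crl *c = &crls[i];
        for (i = 0; i < c->n; i++)      /* clobbers the outer index */
            if (c->serials[i] == serial)
                return 1;
    }
    return 0;
}

/* Corrected form: one index per loop, so every entry of every CRL is compared. */
int is_revoked_fixed(const struct crl *crls, size_t ncrls, unsigned long serial)
{
    size_t i, j;
    for (i = 0; i < ncrls; i++)
        for (j = 0; j < crls[i].n; j++)
            if (crls[i].serials[j] == serial)
                return 1;
    return 0;
}

/* Constructed sample data: serial 0x2002 is revoked in the second CRL. */
static const unsigned long crl_a[] = { 0x1001, 0x1002 };
static const unsigned long crl_b[] = { 0x2001, 0x2002 };
static const struct crl sample_crls[] = { { crl_a, 2 }, { crl_b, 2 } };

int main(void)
{
    printf("flawed: %d\n", is_revoked_flawed(sample_crls, 2, 0x2002));
    printf("fixed:  %d\n", is_revoked_fixed(sample_crls, 2, 0x2002));
    return 0;
}
```

In the flawed form the second CRL is never examined, so the revoked serial passes the check; a regression test for a revocation routine should therefore include a revoked entry that is not in the first list scanned.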
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
