Authentication Bypass Vulnerability in WS_FTP Server by Progress Software
CVE-2024-9999

Currently unrated

Key Information:

Vendor: Progress Software
Status: WS_FTP Server
Vendor: CVE Published:; 12 November 2024

Summary

An authentication bypass vulnerability exists in WS_FTP Server prior to version 8.8.9 (2022.0.9) due to improper implementation of the authentication algorithm in the Web Transfer Module. This flaw permits unauthorized users to log in by circumventing the second-factor verification process, potentially compromising sensitive data and system integrity.

References

https://community.progress.com/s/article/WS-FTP-Server-Se...

https://www.progress.com/ftp-server

Timeline

Vulnerability published
Nov 12, 2024