Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2001-1356
Last Modified 05 Sep 2008 04:26:20
Published 04 Aug 2001 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1356

Summary

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Vulnerable Systems

Application

  • NetWin SurgeFTP 2.0a
  • NetWin SurgeFTP 2.0b
  • NetWin SurgeFTP 2.0c
  • NetWin SurgeFTP 2.0d
  • NetWin SurgeFTP 2.0e
  • NetWin SurgeFTP 2.0f


References

BID - 3157

XF - surgeftp-weak-password-encryption(6961)

BUGTRAQ - 20010804 SurgeFTP admin account bruteforcable


Last Updated: 27 May 2016 10:36:38