PFTP Default Unpassworded Account

critical Nessus Plugin ID 10508

Synopsis

It was possible to login to the remote system with an unpassworded account.

Description

It was possible to log into the remote FTP server as ' ' / ' '. If the remote server is PFTP, then anyone can use this account to read arbitrary files on the remote host.

Solution

Upgrade PFTP to version 2.9g or later.

Plugin Details

Severity: Critical

ID: 10508

File Name: pftp.nasl

Version: 1.22

Type: remote

Family: FTP

Published: 9/10/2000

Updated: 8/14/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1/1/2000