Zaurus PDA FTP Server Unpassworded root Account

This script is Copyright (C) 2002-2011 Tenable Network Security, Inc.


Synopsis :

The remote FTP server has an account with a blank password.

Description :

The remote Zaurus FTP server can be accessed as the user 'root' with
no password. An attacker may use this flaw to steal or modify the
content of your PDA, including (but not limited to) your address book,
personal files, and list of appointments.

See also :

http://archives.neohapsis.com/archives/bugtraq/2002-07/0093.html

Solution :

There is no known solution at this time.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 11045 (ftp_zaurus.nasl)

Bugtraq ID: 5200

CVE ID: CVE-2002-1974

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial