Cerberus FTP Server 6.x < 6.0.9.0 / 7.x < 7.0.0.2 SSH FTP Account Enumeration

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The FTP server installed on the remote Windows host is affected by an
unauthorized information disclosure vulnerability.

Description :

The version of Cerberus FTP Server on the remote host is 6.x prior to
6.0.9.0 or 7.x prior to 7.0.0.2. It is, therefore,
affected by an unauthorized information disclosure vulnerability.

A remote attacker can enumerate user accounts via an analysis of
responses from the SSH FTP service.

See also :

http://www.nessus.org/u?c18bc396

Solution :

Upgrade to Cerberus FTP Server 6.0.9.0 / 7.0.0.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 76459

Bugtraq ID: 67707

CVE ID: