icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Serv-U < 10.3.0.1 SFTP Server Authentication Bypass Vulnerability

High

Synopsis

The remote SFTP server is affected by an authentication bypass vulnerability.

Description

The remote host is running Serv-U File Server, an FTP/SFTP Server for Windows.

Versions of Serv-U earlier than 10.3.0.1 are potentially affected by a security bypass vulnerability in the SFTP module. By supplying a valid username and blank password, an attacker can gain unauthorized access to the affected application.

Solution

Upgrade to Serv-U version 10.3.0.1 or later.