Serv-U < SFTP Authentication Bypass

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote SSH service is affected by an authentication bypass

Description :

According to its banner, the installed version of Serv-U is earlier
than and is, therefore, potentially affected by the following
issue :

- If the SFTP server has been configured to only allow
public key authentication, it can be bypassed for
users accounts that have no password.

See also :

Solution :

Upgrade to Serv-U version or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 50659 ()

Bugtraq ID: 44905


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now