Anonymous FTP Enabled

medium Nessus Plugin ID 10079


Anonymous logins are allowed on the remote FTP server.


Brute force setting must be enabled to use this plugin.

Nessus has detected that the FTP server running on the remote host allows anonymous logins. Therefore, any remote user may connect and authenticate to the server without providing a password or unique credentials. This allows the user to access any files made available by the FTP server.


Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure that sensitive content is not being made available.

Plugin Details

Severity: Medium

ID: 10079

File Name: ftp_anonymous.nasl

Version: 1.60

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 8/16/2023

Risk Information

CVSS Score Rationale: Tenable gives a confidentiality impact of partial since the issue could allow unwanted access to file system.


Risk Factor: Low

Score: 1.4


Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-1999-0497


Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 7/1/1993

Reference Information

CVE: CVE-1999-0497

BID: 83206