Anonymous FTP Enabled

medium Nessus Plugin ID 10079

Synopsis

Anonymous logins are allowed on the remote FTP server.

Description

Nessus has detected that the FTP server running on the remote host allows anonymous logins. Therefore, any remote user may connect and authenticate to the server without providing a password or unique credentials. This allows the user to access any files made available by the FTP server.

Solution

Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure that sensitive content is not being made available.
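The routine check recommended above can be scripted against servers you administer. The following Python sketch is an added example, not Tenable's plugin code: the function names, the `audit@example.invalid` password string and the in-process mock server (constructed here so the script runs offline) are all assumptions of the example.

```python
import ftplib
import socketserver
import threading

def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Return 'allowed', 'denied' or 'unreachable' for an anonymous login attempt."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login("anonymous", "audit@example.invalid")
        return "allowed"        # 230 reply: the condition this finding reports
    except ftplib.error_perm:
        return "denied"         # 5xx reply: the server refused the login
    except (OSError, EOFError, ftplib.Error):
        return "unreachable"    # no listener, timeout, or a non-FTP reply
    finally:
        ftp.close()

class MockFTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP server; speaks only USER/PASS/QUIT."""
    allow_anonymous = True

    def handle(self):
        self.wfile.write(b"220 constructed test server\r\n")
        for raw in self.rfile:
            verb = raw.decode("ascii", "replace").strip().split(" ")[0].upper()
            if verb == "USER":
                reply = "331 Password required"
            elif verb == "PASS":
                reply = "230 Login ok" if self.allow_anonymous else "530 Login incorrect"
            elif verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                reply = "502 Not implemented"
            self.wfile.write((reply + "\r\n").encode("ascii"))

def start_mock_server(allow_anonymous):
    """Start a mock server on a free loopback port; return the server object."""
    handler = type("Handler", (MockFTP,), {"allow_anonymous": allow_anonymous})
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    for label, allow in (("anonymous enabled", True), ("anonymous disabled", False)):
        srv = start_mock_server(allow)
        print(label, "->", check_anonymous_ftp("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
```

A result of `allowed` for a server that is not meant to offer public files is the condition this plugin reports; after disabling anonymous access, the same check should return `denied`.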

Plugin Details

Severity: Medium

ID: 10079

File Name: ftp_anonymous.nasl

Version: 1.59

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 3/27/2020

Dependencies: ftpserver_detect_type_nd_version.nasl, logins.nasl

Risk Information

CVSS Score Source: CVE-1999-0497

CVSS Score Rationale: Tenable gives a confidentiality impact of partial since the issue could allow unwanted access to the file system.

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 7/1/1993

Reference Information

CVE: CVE-1999-0497

BID: 83206