Multiple Vendor Embedded FTP Service Any Username Authentication Bypass

Medium Nessus Plugin ID 10990


A random username and password can be used to authenticate to the remote FTP server.


The FTP server running on the remote host can be accessed using a random username and password. Nessus has enabled some countermeasures to prevent other plugins from reporting vulnerabilities incorrectly because of this.


Correct the FTP server's configuration so that the service handles authentication requests properly.
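To confirm the corrected configuration on a server you administer, the check described above can be repeated with several random credential pairs. This is an added example, not the plugin's NASL code; the function names, the `audit-` username prefix and the verdict strings are assumptions made for illustration.

```python
import ftplib
import secrets

def ftp_try_login(host, port=21, timeout=5.0):
    """Return a callable(user, password) -> bool that attempts one FTP login."""
    def try_login(user, password):
        ftp = ftplib.FTP(timeout=timeout)
        try:
            ftp.connect(host, port)
            ftp.login(user, password)   # raises error_perm on a 5xx reply such as 530
            return True
        except ftplib.error_perm:
            return False
        finally:
            ftp.close()
    return try_login

def audit_any_user_login(try_login, attempts=3):
    """Classify a server by how it answers logins with random credentials.

    'accepts-any'  : every random pair was accepted (the finding on this page)
    'rejects'      : every random pair was refused (expected after the fix)
    'inconsistent' : mixed answers, review the server manually
    'inconclusive' : the server was unreachable or replied abnormally
    """
    if attempts < 1:
        raise ValueError("attempts must be at least 1")
    results = []
    for _ in range(attempts):
        user = "audit-" + secrets.token_hex(6)   # constructed, not a real account
        password = secrets.token_urlsafe(12)
        try:
            results.append(bool(try_login(user, password)))
        except ftplib.all_errors:                # timeouts, resets, 4xx replies
            return "inconclusive"
    if all(results):
        return "accepts-any"
    if not any(results):
        return "rejects"
    return "inconsistent"

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(host, audit_any_user_login(ftp_try_login(host)))
```

Requiring every attempt to succeed before reporting `accepts-any` avoids flagging a server that merely happens to accept one guessed pair.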

Plugin Details

Severity: Medium

ID: 10990

File Name: DDI_FTP_Any_User_Login.nasl

Version: 1.31

Type: remote

Family: FTP

Published: 2002/06/05

Updated: 2018/08/09

Dependencies: 10092

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 2002/01/01