Serv-U < 10.3.0.1 SFTP Authentication Bypass
Medium Nessus Plugin ID 50659
SynopsisThe remote SSH service is affected by an authentication bypass vulnerability.
DescriptionAccording to its banner, the installed version of Serv-U is earlier than 10.3.0.1 and is, therefore, potentially affected by the following issue :
- If the SFTP server has been configured to only allow public key authentication, it can be bypassed for users accounts that have no password.
SolutionUpgrade to Serv-U version 10.3.0.1 or later.