Serv-U < SFTP Authentication Bypass

Medium Nessus Plugin ID 50659


The remote SSH service is affected by an authentication bypass vulnerability.


According to its banner, the installed version of Serv-U is earlier than and is, therefore, potentially affected by the following issue :

- If the SFTP server has been configured to only allow public key authentication, it can be bypassed for users accounts that have no password.


Upgrade to Serv-U version or later.

See Also

Plugin Details

Severity: Medium

ID: 50659

File Name: servu_10_3_0_1.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2010/11/19

Modified: 2013/01/24

Dependencies: 10267

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: Services/ssh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/16

Vulnerability Publication Date: 2010/11/16

Reference Information

BID: 44905

OSVDB: 69386

Secunia: 42261