Wing FTP Server LDAP Authentication Bypass
Medium Nessus Plugin ID 54956
SynopsisThe remote FTP service is vulnerable to an authentication bypass attack.
DescriptionThe remote FTP server is running a version of Wing FTP Server earlier than 3.8.7. As such, it reportedly is affected by an authentication bypass vulnerability when LDAP or Active Directory authentication is used.
An attacker can exploit this issue by logging into the FTP server with an empty password. Successfully exploiting this issue requires that the LDAP server allows anonymous binds as well as knowledge of a valid account.
SolutionUpgrade to version 3.8.7 or later.