FTPS Cleartext Fallback Security Bypass
Medium Nessus Plugin ID 57272
Synopsis
The FTPS server on the remote host falls back to cleartext communication if SSL negotiations fail.

Description
The FTPS server running on the remote host is affected by a security bypass vulnerability because it accepts unencrypted commands if SSL negotiations fail. A man-in-the-middle attacker can exploit this to intercept credentials and modify files.

Solution
If using Serv-U, upgrade to version 220.127.116.11 or later. Otherwise, contact the vendor for a patch.
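
To confirm the behaviour described above before and after patching, the following Python sketch is an added example, not the Nessus plugin's code. It requests `AUTH TLS`, sends bytes that cannot be a TLS handshake, and reports whether the server still answers a cleartext `NOOP`. The probe bytes, the function names and the simulated server replies are assumptions constructed for the demonstration.

```python
import socket
import threading

def read_codes(sock, drain=False):
    """Return FTP reply codes received; stop after one full reply unless drain."""
    data = b""
    try:
        while not data.endswith(b"\r\n") or drain:
            chunk = sock.recv(4096)
            if not chunk:          # peer closed the control connection
                break
            data += chunk
    except (socket.timeout, ConnectionError):
        pass
    return [l[:3].decode() for l in data.splitlines() if l[:3].isdigit()]

def falls_back_to_cleartext(sock, timeout=0.5):
    """True if a cleartext command is answered after a failed TLS negotiation.
    Returns None when AUTH TLS is not accepted (check not applicable)."""
    sock.settimeout(timeout)
    read_codes(sock)                                   # banner
    sock.sendall(b"AUTH TLS\r\n")
    if "234" not in read_codes(sock):
        return None
    # Assumption: any non-ClientHello bytes make the negotiation fail.
    sock.sendall(b"not-a-client-hello\r\nNOOP\r\n")
    return any(c.startswith("2") for c in read_codes(sock, drain=True))

def simulated_server(conn, vulnerable):
    """Constructed stand-in for an FTPS server; not real product behaviour."""
    with conn:
        conn.sendall(b"220 sim ready\r\n")
        conn.recv(4096)                                # AUTH TLS
        conn.sendall(b"234 AUTH TLS ok\r\n")
        conn.recv(4096)                                # failed handshake + NOOP
        if vulnerable:
            conn.sendall(b"200 NOOP ok\r\n")           # keeps serving in cleartext
        else:
            conn.sendall(b"421 TLS negotiation failed\r\n")  # then closes

def probe_simulated(vulnerable):
    client, server = socket.socketpair()
    t = threading.Thread(target=simulated_server, args=(server, vulnerable))
    t.start()
    with client:
        result = falls_back_to_cleartext(client)
    t.join()
    return result

if __name__ == "__main__":
    print("vulnerable:", probe_simulated(True), "patched:", probe_simulated(False))
```

A server that passes this check closes the control connection or returns an error once the negotiation fails, so no 2xx reply to the cleartext `NOOP` is ever seen.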