freeFTPd / freeSSHd SFTP Authentication Bypass

high Nessus Plugin ID 63223


The SFTP server running on the remote host has an authentication bypass vulnerability.


The SFTP server included with freeFTPd or freeSSHd has an authentication bypass vulnerability. Authentication can be bypassed by opening an SSH channel before any credentials are provided. A remote, unauthenticated attacker could exploit this to log in without providing credentials.

After logging in, uploading specially crafted files could result in arbitrary code execution as SYSTEM. Refer to the researcher's advisory for more information.


There is no known solution at this time.

Plugin Details

Severity: High

ID: 63223

File Name: freeftpd_sftp_auth_bypass.nasl

Version: 1.17

Type: remote

Published: 12/11/2012

Updated: 6/12/2020

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:U/RC:C

CVSS Score Source: CVE-2012-6067


Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:freeftpd:freeftpd, cpe:/a:freesshd:freesshd

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 8/11/2010

Exploitable With

Core Impact

Metasploit (Freesshd Authentication Bypass)

Reference Information

CVE: CVE-2012-6066, CVE-2012-6067

BID: 56782, 56785

EDB-ID: 23079, 23080, 24133