Serv-U < 10.3.0.1 SFTP Server Authentication Bypass Vulnerability

high Nessus Network Monitor Plugin ID 5712

Synopsis

The remote SFTP server is affected by an authentication bypass vulnerability.

Description

The remote host is running Serv-U File Server, an FTP/SFTP Server for Windows.

Versions of Serv-U earlier than 10.3.0.1 are potentially affected by a security bypass vulnerability in the SFTP module. By supplying a valid username and blank password, an attacker can gain unauthorized access to the affected application.

Solution

Upgrade to Serv-U version 10.3.0.1 or later.

See Also

http://www.serv-u.com/releasenotes

Plugin Details

Severity: High

ID: 5712

Family: SSH

Published: 11/18/2010

Updated: 3/6/2019

Nessus ID: 50659

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 11/16/2010

Vulnerability Publication Date: 11/16/2010

Reference Information

BID: 44905