Serv-U < 10.3.0.1 SFTP Server Authentication Bypass Vulnerability

High Nessus Network Monitor Plugin ID 5712

Synopsis

The remote SFTP server is affected by an authentication bypass vulnerability.

Description

The remote host is running Serv-U File Server, an FTP/SFTP Server for Windows.

Versions of Serv-U earlier than 10.3.0.1 are potentially affected by a security bypass vulnerability in the SFTP module. By supplying a valid username and blank password, an attacker can gain unauthorized access to the affected application.

Solution

Upgrade to Serv-U version 10.3.0.1 or later.

See Also

http://www.serv-u.com/releasenotes

Plugin Details

Severity: High

ID: 5712

File Name: 5712.prm

Family: SSH

Published: 2010/11/18

Modified: 2016/11/23

Dependencies: 1967, 3059

Nessus ID: 50659

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/11/16

Vulnerability Publication Date: 2010/11/16

Reference Information

BID: 44905

OSVDB: 69386