Published: 17 May 2022
Source: github
GitHub: Reviewed
CVSS4: 6.9
CVSS3: 7.3
Description
Improper Authentication in pyftpdlib
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
- https://nvd.nist.gov/vuln/detail/CVE-2008-7263
- https://github.com/giampaolo/pyftpdlib/issues/73
- https://github.com/advisories/GHSA-q6w2-jxcm-2crj
- https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-5.yaml
- http://code.google.com/p/pyftpdlib/issues/detail?id=73
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=348
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
Packages
Name: pyftpdlib (pip)
Affected versions: < 0.5.0
Fixed version: 0.5.0
Related vulnerabilities
nvd
more than 15 years ago
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
debian
more than 15 years ago
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response aft ...