Описание
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
Ссылки
- Mailing ListPatch
- Mailing List
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListPatch
- Mailing List
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:debian:pyftpd:0.8.4:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00932
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 15 лет назад
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
CVSS3: 7.5
debian
больше 15 лет назад
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and pa ...
CVSS3: 7.5
github
больше 3 лет назад
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
EPSS
Процентиль: 76%
0.00932
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-798