CVE-2008-0604
 
Severity Score: 6.8 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
The LDAP authentication feature in XLight FTP Server in versions before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass the intended access restrictions.
*Credits:
N/A
Timeline
- 2008-02-05 CVE Reserved
- 2008-02-06 CVE Published
- 2024-09-16 CVE Updated
- 2024-11-02 EPSS Updated
CWE
- CWE-255: Credentials Management Errors
References (3)
URL | Tag | Date |
---|---|---|
http://www.xlightftpd.com/whatsnew.htm | X_refsource_confirm | |
http://secunia.com/advisories/28755 | | 2008-09-05 |
http://www.securityfocus.com/bid/27602 | | 2008-09-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xlight Ftp Server | Xlight Ftp Server | <= 2.82 | - | Affected |