[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97389

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-2073

Date: (C)2010-06-16   (M)2017-08-18
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.

Reference:
BID-40839
http://www.openwall.com/lists/oss-security/2010/06/13/2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776
pyftpd-default-account(59431)

CWE    1
CWE-255

© 2013 SecPod Technologies