Back to search
CVE-2001-1356
Published: Jun 11, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
surgeftp-weak-password-encryption(6961)
vdb-entry
x_refsource_XF
20010804 SurgeFTP admin account bruteforcable
mailing-list
x_refsource_BUGTRAQ
3157
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now