CVE-2007-2165
Published: Apr 22, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255 | x_refsource_MISC |
| http://bugs.proftpd.org/show_bug.cgi?id=2922 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=237533 | x_refsource_CONFIRM |
| MDKSA-2007:130 | vendor-advisory, x_refsource_MANDRIVA |
| 25724 | third-party-advisory, x_refsource_SECUNIA |
| 23546 | vdb-entry, x_refsource_BID |
| 24867 | third-party-advisory, x_refsource_SECUNIA |
| 34602 | vdb-entry, x_refsource_OSVDB |
| ADV-2007-1444 | vdb-entry, x_refsource_VUPEN |
| 1017931 | vdb-entry, x_refsource_SECTRACK |
| FEDORA-2007-2613 | vendor-advisory, x_refsource_FEDORA |
| 27516 | third-party-advisory, x_refsource_SECUNIA |
| proftpd-authapi-security-bypass(33733) | vdb-entry, x_refsource_XF |