oss-sec mailing list archives
CVE request - pyftpd default username and password vulnerability
From: Henri Salo <henri () nerv fi>
Date: Sun, 13 Jun 2010 23:08:30 +0300
File /etc/pyftpd/auth_db_config.py contains: passwd = [('test', 'test', 'CY9rzUYh03PK3k6DJie09g=='), ('user', 'users', '7hHLsZBS5AsHqsDKBgwj7g=='), ('roxon', 'users', 'ItZ2pB7rPmzFV6hrtdnZ7A==')] These accounts can be used to login to the FTP-server and read arbitrary files and list directories. File perm_acl_config.py lists user permissions. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776 This affects version: 0.8.4 Can I have CVE-identifier for this issue? --- Henri Salo
Current thread:
- CVE request - pyftpd default username and password vulnerability Henri Salo (Jun 13)
- Re: CVE request - pyftpd default username and password vulnerability Josh Bressers (Jun 14)