oss-sec mailing list archives
Re: CVE request - pyftpd default username and password vulnerability
From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Jun 2010 15:35:48 -0400 (EDT)
Please use CVE-2010-2073 for this. Thanks. -- JB ----- "Henri Salo" <henri () nerv fi> wrote:
File /etc/pyftpd/auth_db_config.py contains: passwd = [('test', 'test', 'CY9rzUYh03PK3k6DJie09g=='), ('user', 'users', '7hHLsZBS5AsHqsDKBgwj7g=='), ('roxon', 'users', 'ItZ2pB7rPmzFV6hrtdnZ7A==')] These accounts can be used to login to the FTP-server and read arbitrary files and list directories. File perm_acl_config.py lists user permissions. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776 This affects version: 0.8.4 Can I have CVE-identifier for this issue? --- Henri Salo
Current thread:
- CVE request - pyftpd default username and password vulnerability Henri Salo (Jun 13)
- Re: CVE request - pyftpd default username and password vulnerability Josh Bressers (Jun 14)