Lucene search

[email protected]CVE-2001-1356

HistoryJun 11, 2002 - 4:00 a.m.

CVE-2001-1356

2002-06-1104:00:00

[email protected]

web.nvd.nist.gov

netwin

surgeftp

weak-hashing

brute-force-attacks

cve-2001-1356

nvd.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Affected configurations

NVD

Node

netwinsurgeftpMatch2.0a

netwinsurgeftpMatch2.0b

netwinsurgeftpMatch2.0c

netwinsurgeftpMatch2.0d

netwinsurgeftpMatch2.0e

netwinsurgeftpMatch2.0f

CPENameOperatorVersion
netwin:surgeftpnetwin surgeftpeq2.0a
netwin:surgeftpnetwin surgeftpeq2.0b
netwin:surgeftpnetwin surgeftpeq2.0c
netwin:surgeftpnetwin surgeftpeq2.0d
netwin:surgeftpnetwin surgeftpeq2.0e
netwin:surgeftpnetwin surgeftpeq2.0f

CPE	Name	Operator	Version
netwin:surgeftp	netwin surgeftp	eq	2.0a
netwin:surgeftp	netwin surgeftp	eq	2.0b
netwin:surgeftp	netwin surgeftp	eq	2.0c
netwin:surgeftp	netwin surgeftp	eq	2.0d
netwin:surgeftp	netwin surgeftp	eq	2.0e
netwin:surgeftp	netwin surgeftp	eq	2.0f

References

online.securityfocus.com/archive/1/201951

www.iss.net/security_center/static/6961.php

www.securityfocus.com/bid/3157

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for CVE-2001-1356

nvd1 cvelist1