Lucene search
MitreCVE-2008-0604HistoryFeb 06, 2008 - 12:00 p.m.
CVE-2008-0604
2008-02-0612:00:00
CWE-255
mitre
web.nvd.nist.gov
14
xlight ftp server
ldap authentication
bypass
remote attackers
nvd
cve-2008-0604
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.009
Percentile
83.3%
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
Affected configurations
Node
xlight_ftp_serverxlight_ftp_serverRange≤2.82
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xlight_ftp_server | xlight_ftp_server | * | cpe:2.3:a:xlight_ftp_server:xlight_ftp_server:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-0604
2008-02-06 11:00:00
nvd
nvd
CVE-2008-0604
2008-02-06 12:00:00
prion
prion
Authentication flaw
2008-02-06 12:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.009
Percentile
83.3%
Related for CVE-2008-0604