CVE-2007-2165

NONECVSS 0.0

0.0

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

🔗 References (26)

cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
cve@mitrehttp://bugs.proftpd.org/show_bug.cgi?id=2922
cve@mitrehttp://osvdb.org/34602
cve@mitrehttp://secunia.com/advisories/24867
cve@mitrehttp://secunia.com/advisories/25724
cve@mitrehttp://secunia.com/advisories/27516
cve@mitrehttp://securitytracker.com/id?1017931
cve@mitrehttp://www.mandriva.com/security/advisories?name=MDKSA-2007:130
cve@mitrehttp://www.securityfocus.com/bid/23546
cve@mitrehttp://www.vupen.com/english/advisories/2007/1444
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=237533
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/33733
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
af854a3a-2127-422b-91ae-364da2661108http://bugs.proftpd.org/show_bug.cgi?id=2922

Is Your Infrastructure Affected by CVE-2007-2165?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-2165

📅 Published

🔄 Last Modified

🔗 References (26)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-2165?