CVE-2007-6737

HIGH7.3EPSS 0.54%

Improper Authentication in pyftpdlib

發布日:2022/5/1修改日:2024/10/21
也稱為:GHSA-9x66-ghqx-8g5rPYSEC-2010-21

描述

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.

受影響套件(2)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
osvCVSS 3.1HIGH7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(9)