CVE-2007-6737 — Improper Authentication in Pyftpdlib

CWE-287 — Improper Authentication5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 1

Description

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.2.0

▶NVDg.rodola/pyftpdlib0.1.1+1

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

GHSA

Improper Authentication in pyftpdlib↗2022-05-01

▶

OSV

Improper Authentication in pyftpdlib↗2022-05-01

▶

OSV

CVE-2007-6737: FTPServer↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2007-6737: python-pyftpdlib - FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins c...↗2007

▶