CVE-2008-7263
published 2010-10-19CVE-2008-7263: ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to…
PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.56%
72.1th percentile
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pyftpdlib | — | — |
| g.rodola | pyftpdlib | <= 0.4.0 | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | >= 0 < 0.5.0 | 0.5.0 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Improper Authentication in pyftpdlib
ghsa·2022-05-17
CVE-2008-7263 [MEDIUM] CWE-287 Improper Authentication in pyftpdlib
Improper Authentication in pyftpdlib
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
OSV
Improper Authentication in pyftpdlib
osv·2022-05-17
CVE-2008-7263 [MEDIUM] Improper Authentication in pyftpdlib
Improper Authentication in pyftpdlib
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
OSV
CVE-2008-7263: ftpserver
osv·2010-10-19
CVE-2008-7263 CVE-2008-7263: ftpserver
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Debian
CVE-2008-7263: python-pyftpdlib - ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receivi...
vendor_debian·2008·CVSS 7.5
CVE-2008-7263 [HIGH] CVE-2008-7263: python-pyftpdlib - ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receivi...
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://code.google.com/p/pyftpdlib/issues/detail?id=73http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORYhttp://code.google.com/p/pyftpdlib/source/detail?r=348http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.pyhttp://code.google.com/p/pyftpdlib/issues/detail?id=73http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORYhttp://code.google.com/p/pyftpdlib/source/detail?r=348http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
2010-10-19
Published