CVE-2008-7263 — Improper Authentication in Pyftpdlib

CWE-287 — Improper Authentication5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 17

Description

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.5.0

▶NVDg.rodola/pyftpdlib0.4.0+4

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

GHSA

Improper Authentication in pyftpdlib↗2022-05-17

▶

OSV

Improper Authentication in pyftpdlib↗2022-05-17

▶

OSV

CVE-2008-7263: ftpserver↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2008-7263: python-pyftpdlib - ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receivi...↗2008

▶