Vulnerabilities > CVE-2001-1356 - Weak Password Encryption vulnerability in SurgeFTP

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

netwin

critical

NVD

Published: 2001-08-04

Updated: 2008-09-05

Summary

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Vulnerable Configurations

Part	Description	Count
Application	Netwin Netwin Surgeftp 2.0A Netwin Surgeftp 2.0B Netwin Surgeftp 2.0C Netwin Surgeftp 2.0D Netwin Surgeftp 2.0E Netwin Surgeftp 2.0F	6

References

http://online.securityfocus.com/archive/1/201951
http://www.iss.net/security_center/static/6961.php
http://www.securityfocus.com/bid/3157