Vulnerabilities > CVE-2008-0604 - Credentials Management vulnerability in Xlight FTP Server Xlight FTP Server

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

xlight-ftp-server

CWE-255

NVD

Published: 2008-02-06

Updated: 2008-09-05

Summary

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.

Vulnerable Configurations

Part	Description	Count
Application	Xlight_Ftp_Server Xlight FTP Server Xlight FTP Server *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://secunia.com/advisories/28755
http://www.securityfocus.com/bid/27602
http://www.xlightftpd.com/whatsnew.htm