Home > Vulnerability Database > CVE-2007-2165

Mend.io Vulnerability Database

CVE-2007-2165

Date: April 22, 2007

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

Severity Score

5.6

Related Resources (15)

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255

Url: http://www.securityfocus.com/bid/23546

Url: http://www.vupen.com/english/advisories/2007/1444

Url: http://securitytracker.com/id?1017931

Url: http://secunia.com/advisories/25724

Url: http://secunia.com/advisories/24867

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2165

Url: http://secunia.com/advisories/27516

Url: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:130

Url: https://bugzilla.redhat.com/show_bug.cgi?id=237533

Url: http://bugs.proftpd.org/show_bug.cgi?id=2922

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/33733

Url: http://osvdb.org/34602

Url: https://www.mend.io/vulnerability-database/CVE-2007-2165

Severity Score

5.6

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-2165

Date: April 22, 2007

Severity Score

Related Resources (15)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?