Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNncyLWp4Y20tMmNyas4AAgH6
Improper Authentication in pyftpdlib
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Permalink: https://github.com/advisories/GHSA-q6w2-jxcm-2crj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNncyLWp4Y20tMmNyas4AAgH6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-q6w2-jxcm-2crj, CVE-2008-7263
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-7263
- https://github.com/giampaolo/pyftpdlib/issues/73
- https://github.com/advisories/GHSA-q6w2-jxcm-2crj
- https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-5.yaml
- http://code.google.com/p/pyftpdlib/issues/detail?id=73
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=348
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
Blast Radius: 18.3
Affected Packages
pypi:pyftpdlib
Dependent packages: 21
Dependent repositories: 326
Downloads: 247,492 last month
Affected Version Ranges: < 0.5.0
Fixed in: 0.5.0
All affected versions: 0.2.0, 0.3.0, 0.4.0
All unaffected versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.7.0, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9