CVE-2002-2417

EPSS 4.2%

acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/22032unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html http://securityreason.com/securityalert/3334 http://www.iss.net/security_center/static/10681.php http://www.securityfocus.com/archive/1/300929 http://www.securityfocus.com/bid/6235