Short Name |
FTP:USER:ACFTP-BAD-LOGIN |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
FTP |
Keywords |
acFTP Invalid Login Issue |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
acFTP contains a flaw during the authentication process that allows a malicious user to login with the username "private" and invalid password. The login will fail, but all activity performed after this will be masked as this user. This can the attacker to log in as another user, and perform illegal operations withing having to worry about being logged.
Remote attackers could gain elevated privileges on a server without being authenticated. They are also essentially anonymous, as they are not properly identified in the system logs.