Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
FTP:USER:ACFTP-BAD-LOGIN |
|---|---|
Severity |
Warning |
Recommended |
No |
Category |
FTP |
Keywords |
acFTP Invalid Login Issue |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: acFTP Invalid Login Issue
acFTP contains a flaw during the authentication process that allows a malicious user to login with the username "private" and invalid password. The login will fail, but all activity performed after this will be masked as this user. This can the attacker to log in as another user, and perform illegal operations withing having to worry about being logged.
Extended Description
Remote attackers could gain elevated privileges on a server without being authenticated. They are also essentially anonymous, as they are not properly identified in the system logs.
References