Description
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Matthew Murphy · textremotewindows
https://www.exploit-db.com/exploits/22032
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6235
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3334
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10681.php
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/300929
Scores
EPSS
0.0572
EPSS Percentile
90.5%
Details
CWE
CWE-287
Status
published
Products (1)
acftp/acftp
1.4
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026