CVE-2002-2417

Acftp - Authentication Bypass

Title source: rule

Description

acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matthew Murphy · textremotewindows

https://www.exploit-db.com/exploits/22032

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://securityreason.com/securityalert/3334

[Exploit] http://www.securityfocus.com/bid/6235

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/300929

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html

[Third Party Advisory] http://www.iss.net/security_center/static/10681.php

Scores

EPSS 0.0531

EPSS Percentile 89.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

acftp/acftp

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026