CVE-2007-6737

pyftpdlib <0.2.0 - Info Disclosure

Title source: llm

Description

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.

References (4)

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/detail?r=23

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/diff?spec=svn23&r=23&format=side&path=/trunk/pyftpdlib/FTPServer.py

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

[Issue Tracking] http://code.google.com/p/pyftpdlib/issues/detail?id=20

Scores

EPSS 0.0054

EPSS Percentile 67.3%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

g.rodola/pyftpdlib < 0.1.1

g.rodola/pyftpdlib

pypi/pyftpdlib < 0.2.0PyPI

Timeline

Published Oct 19, 2010

Tracked Since Feb 18, 2026