CVE-2008-5124

Jscape Secure FTP Applet < 4.8.0 - Authentication Bypass

Title source: rule

Description

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

References (9)

Scores

EPSS 0.0131
EPSS Percentile 79.6%

Classification

CWE
CWE-287
Status draft

Affected Products (23)

jscape/secure_ftp_applet < 4.8.0
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
jscape/secure_ftp_applet
... and 8 more

Timeline

Published Nov 18, 2008
Tracked Since Feb 18, 2026