CVE-2008-7263

pyftpdlib <0.5.0 - DoS

Title source: llm

Description

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

References (4)

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/detail?r=348

[Issue Tracking] http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py

[Issue Tracking] http://code.google.com/p/pyftpdlib/issues/detail?id=73

Scores

EPSS 0.0065

EPSS Percentile 70.5%

Classification

CWE

CWE-287

Status draft

Affected Products (6)

g.rodola/pyftpdlib < 0.4.0

g.rodola/pyftpdlib

pypi/pyftpdlib < 0.5.0PyPI

Timeline

Published Oct 19, 2010

Tracked Since Feb 18, 2026