CVE-2008-0604

EUVD-2008-0614
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
xlight_ftp_serverxlight_ftp_server
𝑥
≤ 2.82
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/28755
http://www.securityfocus.com/bid/27602
http://www.xlightftpd.com/whatsnew.htm
http://secunia.com/advisories/28755
http://www.securityfocus.com/bid/27602
http://www.xlightftpd.com/whatsnew.htm