CVE-2024-7745
EUVD-2024-4862228.08.2024, 17:15
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| progress | ws_ftp_server | 𝑥 < 8.8.8 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| progress | ws_ftp_server | 𝑥 < 8.8.8 | ADP |
Common Weakness Enumeration
- CWE-290 - Authentication Bypass by SpoofingThis attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.