FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
Software | From | Fixed in |
---|---|---|
g.rodola / pyftpdlib | - | 0.1.1.x |
g.rodola / pyftpdlib | 0.1 | 0.1.x |
pyftpdlib | - | 0.2.0 |