CVE-2008-0604

The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.

Published: Feb 6, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0604
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
xlight_ftp_server / xlight_ftp_server	-	2.82.x

http://secunia.com/advisories/28755
http://www.securityfocus.com/bid/27602
http://www.xlightftpd.com/whatsnew.htm

Vulnerability Database

289,784

CVE-2008-0604