CVE-2007-2165


Severity : Medium
Published : 2007-04-22
Modified : 2008-11-13
Base Score : 5.1
Details : The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
Product/Version :  
 
 

CVE Vulnerabilities List CVE-2007

CVE-2007-0062CVE-2007-0247CVE-2007-0248CVE-2007-0910
CVE-2007-0988CVE-2007-1001CVE-2007-1217CVE-2007-1218
CVE-2007-1286CVE-2007-1536CVE-2007-1718CVE-2007-1863
CVE-2007-2165CVE-2007-2242CVE-2007-2438CVE-2007-2451
CVE-2007-2754CVE-2007-2876CVE-2007-2953CVE-2007-3107
CVE-2007-3108CVE-2007-3374CVE-2007-3799CVE-2007-3806
CVE-2007-3998CVE-2007-4091CVE-2007-4131CVE-2007-4476
CVE-2007-4567CVE-2007-4570CVE-2007-4573CVE-2007-4657
CVE-2007-4769CVE-2007-4772CVE-2007-4826CVE-2007-5000
CVE-2007-5093CVE-2007-5116CVE-2007-5269CVE-2007-5794
CVE-2007-5966CVE-2007-6067CVE-2007-6151CVE-2007-6199
CVE-2007-6200CVE-2007-6203CVE-2007-6388CVE-2007-6417
CVE-2007-6420CVE-2007-6421CVE-2007-6422CVE-2007-6694
CVE-2007-6698CVE-2007-6716