CVE-2008-7263 – pyftpdlib

Package

Manager: pip
Name: pyftpdlib
Vulnerable Version: >=0 <0.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00647 pctl0.6986

Details

Improper Authentication in pyftpdlib ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Metadata

Created: 2022-05-17T05:47:38Z
Modified: 2024-10-23T15:57:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q6w2-jxcm-2crj/GHSA-q6w2-jxcm-2crj.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-q6w2-jxcm-2crj
Finding: F039
Auto approve: 1