Serv-U Empty Password Authentication Bypass Vulnerability Network Vulnerability

Summary

Serv-U is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. However, this requires that the application has password-based authentication disabled. Serv-U 10.2.0.2 and versions prior to 10.3.0.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.serv-u.com/
http://www.serv-u.com/releasenotes/
https://www.securityfocus.com/bid/44905

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Media Server Video Stream Capture Security Issue
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Apple Safari WebKit Information Disclosure Vulnerability (Windows)
Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability

Take action and discover your vulnerabilities