Serv-U Empty Password Authentication Bypass Vulnerability Network Vulnerability

Summary

Serv-U is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. However, this requires that the application has password-based authentication disabled. Serv-U 10.2.0.2 and versions prior to 10.3.0.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.serv-u.com/
http://www.serv-u.com/releasenotes/
https://www.securityfocus.com/bid/44905

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat Remote Code Execution Vulnerability - Sep14
Apache Tomcat Default Accounts
Avant Browser Address Bar Spoofing Vulnerability
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)

Take action and discover your vulnerabilities