FTP: acFTP Invalid Login Issue
acFTP contains a flaw during the authentication process that allows a malicious user to login with the username "private" and invalid password. The login will fail, but all activity performed after this will be masked as this user. This can the attacker to log in as another user, and perform illegal operations withing having to worry about being logged.
Extended Description
Remote attackers could gain elevated privileges on a server without being authenticated. They are also essentially anonymous, as they are not properly identified in the system logs.
References
URL: http://www.security.nnov.ru/search/document.asp?docid=3805
Short Name
FTP:USER:ACFTP-BAD-LOGIN
Severity
Warning
Recommended
False
Recommended Action
None
Category
FTP
Keywords
Invalid Issue Login acFTP
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3324
False Positive
Unknown