Lucene search
MitreCVE-2001-1356HistoryJun 11, 2002 - 4:00 a.m.
CVE-2001-1356
2002-06-1104:00:00
mitre
web.nvd.nist.gov
23
netwin
surgeftp
weak-hashing
brute-force-attacks
cve-2001-1356
nvd.
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.01
Percentile
83.8%
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Affected configurations
Node
netwinsurgeftpMatch2.0a
ORnetwinsurgeftpMatch2.0b
ORnetwinsurgeftpMatch2.0c
ORnetwinsurgeftpMatch2.0d
ORnetwinsurgeftpMatch2.0e
ORnetwinsurgeftpMatch2.0f
| Vendor | Product | Version | CPE |
|---|---|---|---|
| netwin | surgeftp | 2.0a | cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:* |
| netwin | surgeftp | 2.0b | cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:* |
| netwin | surgeftp | 2.0c | cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:* |
| netwin | surgeftp | 2.0d | cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:* |
| netwin | surgeftp | 2.0e | cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:* |
| netwin | surgeftp | 2.0f | cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:* |
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.01
Percentile
83.8%
Related for CVE-2001-1356