Vulnerability Description
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| G.Rodola | Pyftpdlib | <= 0.4.0 |
References
- http://code.google.com/p/pyftpdlib/issues/detail?id=73
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=348
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&pat
FAQ
What is CVE-2008-7263?
CVE-2008-7263 is a vulnerability in pyftpdlib with a CVSS score of 7.5 (HIGH). In versions before 0.5.0, ftpserver.py does not delay its response after an invalid login attempt, so a remote attacker can try credentials at full speed, which makes a brute-force attack easier.
How severe is CVE-2008-7263?
CVE-2008-7263 has been rated HIGH with a CVSS base score of 7.5/10.
Is there a patch for CVE-2008-7263?
pyftpdlib versions before 0.5.0 are affected. Check the references section above for the upstream issue report, change history and patch information. Affected products include: G.Rodola Pyftpdlib.