PYSEC-2010-21
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-21.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2010-21
- Aliases
-
- CVE-2007-6737
- GHSA-9x66-ghqx-8g5r
- Published
- 2010-10-19T20:00:00Z
- Modified
- 2023-11-01T04:43:44.577387Z
- Summary
- [none]
- Details
-
FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.
- References
-
- http://code.google.com/p/pyftpdlib/issues/detail?id=20
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=23
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn23&r=23&format=side&path=/trunk/pyftpdlib/FTPServer.py
- https://github.com/advisories/GHSA-9x66-ghqx-8g5r
Affected packages
PyPI / pyftpdlib
Package
- Name
- pyftpdlib
- View open source insights on deps.dev
- Purl
- pkg:pypi/pyftpdlib