Anonymous FTP Enabled

medium Nessus Plugin ID 10079

Synopsis

Anonymous logins are allowed on the remote FTP server.

Description

The brute force setting must be enabled to use this plugin.

Nessus has detected that the FTP server running on the remote host allows anonymous logins. Therefore, any remote user may connect and authenticate to the server without providing a password or unique credentials. This allows the user to access any files made available by the FTP server.

Solution

Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure that sensitive content is not being made available.
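One way to run the routine check described above against a server you administer is sketched below. This is an added example, not Tenable's plugin code. It assumes the server supports the MLSD listing command, and the pattern list and function names are constructed for illustration.

```python
import fnmatch
import ftplib

# Constructed patterns for files that should not sit on an anonymous share
# (assumption: tune per site). Matching is done on lower-cased base names.
SENSITIVE_PATTERNS = ["*.pem", "*.key", "*.sql", "*.bak", "*.kdbx",
                      "*passwd*", "id_rsa*"]

def anonymous_session(host, port=21, timeout=10):
    """Return a logged-in ftplib.FTP if anonymous login is accepted, else None."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login()  # ftplib defaults to USER anonymous / PASS anonymous@
        return ftp
    except ftplib.error_perm:  # 5xx reply such as "530 Not logged in"
        ftp.close()
        return None

def walk(ftp, path="/", max_depth=5):
    """Yield full paths of files the session can list (server must support MLSD)."""
    for name, facts in ftp.mlsd(path):
        kind = facts.get("type", "").lower()
        full = path.rstrip("/") + "/" + name
        if kind == "dir" and max_depth > 0:
            yield from walk(ftp, full, max_depth - 1)
        elif kind == "file":
            yield full

def flag_sensitive(paths, patterns=SENSITIVE_PATTERNS):
    """Return the paths whose base name matches one of the patterns."""
    hits = []
    for p in paths:
        base = p.rsplit("/", 1)[-1].lower()
        if any(fnmatch.fnmatchcase(base, pat) for pat in patterns):
            hits.append(p)
    return hits

def audit(host, port=21):
    """Summarise anonymous exposure of one FTP server you administer."""
    ftp = anonymous_session(host, port)
    if ftp is None:
        return {"anonymous": False, "files": 0, "sensitive": []}
    try:
        paths = list(walk(ftp))
        return {"anonymous": True, "files": len(paths),
                "sensitive": flag_sensitive(paths)}
    finally:
        ftp.close()
```

Calling `audit()` with the server's hostname from a scheduled job gives a result that can be compared between runs: `anonymous` should be `False` once anonymous FTP is disabled, and `sensitive` should stay empty while it remains enabled.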

Plugin Details

Severity: Medium

ID: 10079

File Name: ftp_anonymous.nasl

Version: 1.60

Type: remote

Family: FTP

Published: 6/22/1999

Updated: 8/16/2023

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Tenable gives a confidentiality impact of partial since the issue could allow unwanted access to the file system.

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-1999-0497

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 7/1/1993

Reference Information

CVE: CVE-1999-0497

BID: 83206