Serv-U < 10.3.0.1 SFTP Authentication Bypass

medium Nessus Plugin ID 50659

Synopsis

The remote SSH service is affected by an authentication bypass vulnerability.

Description

According to its banner, the installed version of Serv-U is earlier than 10.3.0.1 and is, therefore, potentially affected by the following issue :

- If the SFTP server has been configured to only allow public key authentication, it can be bypassed for users accounts that have no password.

Solution

Upgrade to Serv-U version 10.3.0.1 or later.

See Also

https://support.solarwinds.com/Success_Center/Serv-U_Managed_File_Transfer_Serv-U_FTP_Server/Serv-U_Documentation/release_notes

Plugin Details

Severity: Medium

ID: 50659

File Name: servu_10_3_0_1.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 11/19/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: Services/ssh

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2010

Vulnerability Publication Date: 11/16/2010

Reference Information

BID: 44905

Secunia: 42261