Weak Password Encryption in NetWin SurgeFTP 2.0f and Earlier Allows Brute Force Attacks on Administrator Account

CVE-2001-1356 · HIGH Severity

AV:N/AC:L/Au:N/C:C/I:C/A:C

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
