Weak Password Encryption in NetWin SurgeFTP 2.0f and Earlier Allows Brute Force Attacks on Administrator Account
CVE-2001-1356 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Learn more about our Web Application Penetration Testing UK.