Default Account and Password Vulnerability in Serv-U FTP Server before 5.1.0.0

Default Account and Password Vulnerability in Serv-U FTP Server before 5.1.0.0

CVE-2004-2532 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

Learn more about our Cis Benchmark Audit For Server Software.