Home > Vulnerability Database > CVE-2007-2165

Mend.io Vulnerability Database

CVE-2007-2165

Date: April 22, 2007

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

Severity Score

6.8

Related Resources (15)

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255

Url: http://www.securityfocus.com/bid/23546

Url: http://www.vupen.com/english/advisories/2007/1444

Url: http://securitytracker.com/id?1017931

Url: http://secunia.com/advisories/25724

Url: http://secunia.com/advisories/24867

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2165

Url: http://secunia.com/advisories/27516

Url: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:130

Url: https://bugzilla.redhat.com/show_bug.cgi?id=237533

Url: http://bugs.proftpd.org/show_bug.cgi?id=2922

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/33733

Url: http://osvdb.org/34602

Url: https://www.mend.io/vulnerability-database/CVE-2007-2165

Severity Score

6.8

CVSS v3

Base Score:	6.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.6
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-2165

Date: April 22, 2007

Severity Score

Related Resources (15)

Severity Score

CVSS v3

CVSS v2

Do you need more information?