CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1356

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile0.87th
PublishedAug 4, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Affected Platforms (CPE)

πŸ“¦
Netwin

Surgeftp

= 2.0a
πŸ“¦
Netwin

Surgeftp

= 2.0b
πŸ“¦
Netwin

Surgeftp

= 2.0c
πŸ“¦
Netwin

Surgeftp

= 2.0d
πŸ“¦
Netwin

Surgeftp

= 2.0e
πŸ“¦
Netwin

Surgeftp

= 2.0f

References & Advisories

πŸ”— http://online.securityfocus.com/archive/1/201951
πŸ”— http://www.iss.net/security_center/static/6961.php
πŸ”— http://www.securityfocus.com/bid/3157
πŸ”— http://online.securityfocus.com/archive/1/201951
πŸ”— http://www.iss.net/security_center/static/6961.php
πŸ”— http://www.securityfocus.com/bid/3157

Related Vulnerabilities

CVE-2001-135510.0

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other ...

CVE-2007-37688.5

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malfo...

CVE-2013-47427.5

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute ar...

CVE-2008-10526.4

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon...