CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2001-1356

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile0.87th
Published2001年8月4日
Last Modified2026年4月16日

Vulnerability Description

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Affected Platforms (CPE)

📦
Netwin

Surgeftp

= 2.0a
📦
Netwin

Surgeftp

= 2.0b
📦
Netwin

Surgeftp

= 2.0c
📦
Netwin

Surgeftp

= 2.0d
📦
Netwin

Surgeftp

= 2.0e
📦
Netwin

Surgeftp

= 2.0f

References & Advisories

🔗 http://online.securityfocus.com/archive/1/201951
🔗 http://www.iss.net/security_center/static/6961.php
🔗 http://www.securityfocus.com/bid/3157
🔗 http://online.securityfocus.com/archive/1/201951
🔗 http://www.iss.net/security_center/static/6961.php
🔗 http://www.securityfocus.com/bid/3157

相關漏洞威脅

CVE-2001-135510.0

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other ...

CVE-2007-37688.5

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malfo...

CVE-2013-47427.5

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute ar...

CVE-2008-10526.4

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon...