Serv-U Empty Password Authentication Bypass Vulnerability Network Vulnerability

Summary

Serv-U is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. However, this requires that the application has password-based authentication disabled. Serv-U 10.2.0.2 and versions prior to 10.3.0.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://www.serv-u.com/
http://www.serv-u.com/releasenotes/
https://www.securityfocus.com/bid/44905

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)

Take action and discover your vulnerabilities