Cryptographic issues in FTP Server - CVE-2012-5301

 


Published: October 4, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43432
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-5301
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cerberus
Affected software: FTP Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data.


How to mitigate CVE-2012-5301

Install the update from the vendor's website.
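
To confirm after updating that a server no longer offers DES, inspect the cipher name-lists in its cleartext SSH_MSG_KEXINIT message (RFC 4253, section 7.1). The following is an added example, not code from this advisory or from the vendor; the sample payloads are constructed, and matching cipher names that begin with "des-" is an assumption because the advisory does not name the identifier.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}          # skip message byte + 16-byte cookie
    for field in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        off += n
    return out

def single_des_offers(lists: dict) -> dict:
    """Return the single-DES cipher names offered in each direction."""
    # Assumption: the advisory does not name the identifier; treat any
    # cipher name starting with "des-" (which excludes "3des-") as single DES.
    return {f: [c for c in lists[f] if c.startswith("des-")]
            for f in ("enc_c2s", "enc_s2c")}

def build_kexinit(ciphers: str) -> bytes:
    """Construct a sample payload for the demo (not captured traffic)."""
    names = ["diffie-hellman-group14-sha1", "ssh-rsa", ciphers, ciphers,
             "hmac-sha1", "hmac-sha1", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(n)) + n.encode() for n in names)
    # trailing fields: first_kex_packet_follows (bool) + reserved (uint32)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

WEAK = build_kexinit("aes128-ctr,3des-cbc,des-cbc")   # constructed: DES enabled
FIXED = build_kexinit("aes128-ctr,aes256-ctr")        # constructed: DES removed

if __name__ == "__main__":
    for label, pkt in (("weak", WEAK), ("fixed", FIXED)):
        print(label, single_des_offers(parse_kexinit(pkt)))
```

An empty result for both directions means the server's offer contains no single-DES cipher.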
