Hi
We got a report that core FTP mini server version 2.3.3 is vulnerable for "SSH Protocol Authentication Bypass (Remote Exploit Check)"
This was detected with a Nessus port scanner.
As the exploit is very old, i guess this is a wrong positive.
But whats the argument against the security guys?
Thanks and best
Bruno
SSH Protocol Authentication Bypass (Remote Exploit Check)
-
ForumAdmin
- Site Admin
- Posts: 998
- Joined: Mon Mar 24, 2003 4:37 am
Re: SSH Protocol Authentication Bypass (Remote Exploit Check)
This looks to be a libssh issue and may not apply to Core FTP software.
If there is an example of this bypass, please forward to feedback at coreftp.com
If there is an example of this bypass, please forward to feedback at coreftp.com
Re: SSH Protocol Authentication Bypass (Remote Exploit Check)
Hi
I'm a little confused because libssh is part of the core ftp mini server. and we could not simply replace it.
What version of libssh is used in the core FTP mini server version 2.3.3?
Thanks and best
Bruno
I'm a little confused because libssh is part of the core ftp mini server. and we could not simply replace it.
What version of libssh is used in the core FTP mini server version 2.3.3?
Thanks and best
Bruno
-
ForumAdmin
- Site Admin
- Posts: 998
- Joined: Mon Mar 24, 2003 4:37 am
Re: SSH Protocol Authentication Bypass (Remote Exploit Check)
The mini server does *not* utilize libssh - it is not used in Core FTP mini server
What would be needed is a test demonstrating that the same issue occurs with the mini server to verify this issue actually exists.
What would be needed is a test demonstrating that the same issue occurs with the mini server to verify this issue actually exists.