auth_db_config.py in Pyftpd 0.8.4 contains hard-coded...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 22, 2024
Description
Published by the National Vulnerability Database
Jun 16, 2010
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 22, 2024
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
References