| VID |
16093 |
| Severity |
20 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The ArGoSoft FTP Server, according to its banner, allow unlimited number of login attempts. ArGoSoft FTP Server is a freely available FTP server for Microsoft Windows platforms. ArGoSoft FTP Server version 1.4.2.4 and earlier allow unlimited number of login attempts. This issue in conjunction with the user enumeration vulnerability would not only allow for brute force password cracking of a known username, but for a quick brute force attack to find valid usernames.
* Note: This check solely relied on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive.
* References:
http://securityfocus.com/archive/1/385855
http://www.lovebug.org/argosoft_advisory.txt
* Platforms Affected:
ArGoSoft FTP Server 1.4.2.4 and earlier
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of January 2005.
Upgrade to the new version of ArGoSoft FTP Server, when new version fixed this problem becomes available from the ArGoSoft FTP Server Web page at http://www.argosoft.com/applications/ftpserver/download.asp |
| Related URL |
CVE-2004-1429 (CVE) |
| Related URL |
12139 (SecurityFocus) |
| Related URL |
18722 (ISS) |
|
