Vulnerability Details CVE-2002-2417
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
- http://securityreason.com/securityalert/3334
- http://www.iss.net/security_center/static/10681.php
- http://www.securityfocus.com/archive/1/300929
- http://www.securityfocus.com/bid/6235
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
- http://securityreason.com/securityalert/3334
- http://www.iss.net/security_center/static/10681.php
- http://www.securityfocus.com/archive/1/300929
- http://www.securityfocus.com/bid/6235