CVE-2008-7263: Improper Authentication in pyftpdlib

May 17, 2022 (updated October 23, 2024)

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

References

github.com/advisories/GHSA-q6w2-jxcm-2crj
github.com/giampaolo/pyftpdlib
github.com/giampaolo/pyftpdlib/issues/73
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-5.yaml
nvd.nist.gov/vuln/detail/CVE-2008-7263

Code Behaviors & Features

Detect and mitigate CVE-2008-7263 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →