Pablo FTP Service Default Configuration Vulnerability

vendor:

Pablo FTP Service

by:

SecurityFocus

7.5

CVSS

HIGH

Insufficient Restriction of Anonymous Account

287

CWE

Product Name: Pablo FTP Service

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:pablo_software_solutions:pablo_ftp_service

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2002

Pablo FTP Service Default Configuration Vulnerability

It has been reported that Pablo FTP Service does not sufficiently restrict the anonymous user account, which is active by default. Because of this, a default configuration may provide a conduit for the disclosure of potentially sensitive information. An attacker may exploit this vulnerability to access arbitrary files on the underlying system and potentially disclose sensitive information.

Mitigation:

Disable the anonymous user account or restrict access to only certain directories.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7799/info

An issue in Pablo FTP Service may make it possible for remote users to perform unauthorized actions.

It has been reported that Pablo FTP Service does not sufficiently restrict the anonymous user account, which is active by default. Because of this, a default configuration may provide a conduit for the disclosure of potentially sensitive information.

An attacker may exploit this vulnerability to access arbitrary files on the underlying system and potentially disclose sensitive information.

It should be noted that while this vulnerability has been reported to affect Pablo FTP service version 1.2, other versions might also be affected. 

ftp://www.example.com/windows/repair/sam