VYPR
Unrated severityNVD Advisory· Published Aug 4, 2001· Updated Jun 16, 2026

CVE-2001-1356

CVE-2001-1356

Description

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Affected products

7
  • Netwin/Surgeftp7 versions
    cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:netwin:surgeftp:2.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeftp:2.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:*
    • cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:*
    • (no CPE)range: <=2.0f

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.