VYPR
Unrated severityNVD Advisory· Published Apr 22, 2007· Updated Jun 16, 2026

CVE-2007-2165

CVE-2007-2165

Description

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Proftpd/Proftpd2 versions
    cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*range: <=1.3.0_rc1
    • (no CPE)range: < 20070417

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.