Unrated severityNVD Advisory· Published Apr 22, 2007· Updated Jun 16, 2026
CVE-2007-2165
CVE-2007-2165
Description
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
13- bugs.proftpd.org/show_bug.cginvdPatch
- bugs.debian.org/cgi-bin/bugreport.cginvdVendor Advisory
- secunia.com/advisories/24867nvdVendor Advisory
- securitytracker.com/idnvdVendor Advisory
- osvdb.org/34602nvd
- secunia.com/advisories/25724nvd
- secunia.com/advisories/27516nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/23546nvd
- www.vupen.com/english/advisories/2007/1444nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/33733nvd
- www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.htmlnvd
News mentions
0No linked articles in our index yet.