CVE-2007-2165

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 20070417

Description The issue allows remote attackers to bypass authentication when multiple simultaneous authentication modules are configured in the Auth API. This is because the module checking authentication does not have to be the same as the module retrieving authentication data. For example, using SQLAuthTypes Plaintext in mod sql with data retrieved from /etc/passwd can demonstrate this issue.

Recommendations For ProFTPD versions prior to 20070417, update to a version released after 20070417 to resolve the issue. As a temporary workaround, consider restricting the use of multiple simultaneous authentication modules to minimize the risk of exploitation.