CVE-2021-46854

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 1.3.7c

Description The issue is related to a memory disclosure error in the mod radius module of ProFTPD, allowing an attacker to gain unauthorized access to protected information. This error occurs because the module copies blocks of 16 characters, potentially revealing sensitive data to RADIUS servers.

Recommendations For versions prior to 1.3.7c, update to version 1.3.7c or later to resolve the issue. As a temporary workaround, consider disabling the mod radius module until a patch is available. Restrict access to the RADIUS servers to minimize the risk of exploitation.