Incorrect Implementation of Authentication Algorithm

CVE-2024-9999

Medium

6.5/10

Summary

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-303 - Incorrect Implementation of Authentication Algorithm

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References

Advisory Timeline

Published Nov 12, 2024

Incorrect Implementation of Authentication Algorithm

CVE-2024-9999

Summary

CWE-303 - Incorrect Implementation of Authentication Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS