Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   iChain Vendors:   Novell
Novell iChain Mini FTP Server Does Not Limit Invalid Authentication Attempts
SecurityTracker Alert ID:  1013408
SecurityTracker URL:
CVE Reference:   CVE-2005-0798   (Links to External Site)
Updated:  Nov 13 2006
Original Entry Date:  Mar 9 2005
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.3 and prior versions
Description:   A vulnerability was reported in Novell iChain in the Mini FTP Server. The FTP service does not limit unsuccessful login attempts.

The MiniFTP server does not perform intruder detection or failed login lockout. If the MiniFTP server is enabled and access to the MiniFTP server is enabled, then a remote user can make unlimited login attempts without being locked out.

Impact:   A remote user can make unlimited, unsuccessful login attempts.
Solution:   The vendor has issued a fix as part of iChain 2.3 Support Pack 4 Interim Release 2 version 2.3.320.

The Novell advisories are available at:

Vendor URL: (Links to External Site)
Cause:   State error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC