CVE-2024-7745

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*

History

04 Sep 2024, 17:57

Type Values Removed Values Added
References () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 - () https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 - Vendor Advisory
References () https://www.progress.com/ftp-server - () https://www.progress.com/ftp-server - Product
CPE cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*
First Time Progress
Progress ws Ftp Server
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 8.1
CWE CWE-287

29 Aug 2024, 13:25

Type Values Removed Values Added
Summary
  • (es) En las versiones del servidor WS_FTP anteriores a 8.8.8 (2022.0.8), un paso crítico faltante en la autenticación multifactor del módulo de transferencia web permite a los usuarios omitir la verificación de segundo factor e iniciar sesión solo con nombre de usuario y contraseña.

28 Aug 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-28 17:15

Updated : 2024-09-04 17:57


NVD link : CVE-2024-7745

Mitre link : CVE-2024-7745

CVE.ORG link : CVE-2024-7745


JSON object : View

Products Affected

progress

  • ws_ftp_server
CWE
CWE-287

Improper Authentication

CWE-290

Authentication Bypass by Spoofing

CWE-304

Missing Critical Step in Authentication