JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
BID:29882
Info
JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
| Bugtraq ID: | 29882 |
| Class: | Design Error |
| CVE: |
CVE-2008-5124 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 23 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | n.runs |
| Vulnerable: |
JSCAPE Secure FTP Applet 4.8 |
| Not Vulnerable: |
JSCAPE Secure FTP Applet 4.9 |
Discussion
JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
JSCAPE Secure FTP Applet is prone to a security-bypass vulnerability because the application fails to properly validate the identity of the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.
The issue affects versions prior to Secure FTP Applet 4.9.0.
JSCAPE Secure FTP Applet is prone to a security-bypass vulnerability because the application fails to properly validate the identity of the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers. This will aid in further attacks.
The issue affects versions prior to Secure FTP Applet 4.9.0.
Exploit / POC
JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
To exploit this issue, attackers can use readily available tools.
To exploit this issue, attackers can use readily available tools.
Solution / Fix
JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
Solution:
The vendor has released fixes. Please see the references for more information.
Solution:
The vendor has released fixes. Please see the references for more information.
References
JSCAPE Secure FTP Applet Host Key Validation Security Bypass Vulnerability
References:
References: