Description
ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.
Product(s):
- Argosoft FTP Server
- ArGoSoft FTP Server 1.2.2.2
- Argosoft FTP Server 1.4.1.1
- Argosoft FTP Server 1.4.1.2
- Argosoft FTP Server 1.4.1.3
- ArGoSoft FTP Server 1.4.1.4
- ArGoSoft FTP Server 1.4.1.5
- ArGoSoft FTP Server 1.4.1.6
- ArGoSoft FTP Server 1.4.1.7
- ArGoSoft FTP Server 1.4.1.8
- ArGoSoft FTP Server 1.4.1.9
- ArGoSoft FTP Server 1.4.2.1
- ArGoSoft FTP Server 1.4.2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1429, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1429 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.