Kelvin Davis

May 22, 2012 7:51 AM

FTP

Hi,

Until about 3 weeks ago, we have been PCI compliant. Now the Qualys PCI compliant scanner says our FTP server is not compliant (FTP server does not support the AUTH command). Nothing has changed with the FTP server; Qualys have said the scanner has been updated. Our web server is running Microsoft IIS6.

Can I make the FTP on IIS6 compliant? If so, how?!

Thanks!

=====================================================================================

QID: 27356
CVSS Base: 4.8
CVSS Temporal: 4.5
Category: File Transfer Protocol
Port/Service: 21 / File Transfer Protocol (tcp)
False Positive: N/A
Bugtraq ID: -
CVE ID: -
Vendor Reference: -
Last Update: 05/02/2012 at 01:17:31
Threat:
The remote FTP server does not support the AUTH command, which makes FTP clients send credentials in clear text.

Impact:
If this vulnerability is successfully exploited, attackers can intercept the credentials by eavesdropping on the connection.

Solution:
Upgrade/migrate to a FTP server that supports the AUTH command.

Result:
500 'AUTH GSSAPI': command not understood

=====================================================================================
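The finding above can be re-checked against your own server by sending AUTH before login and classifying the reply code, as in this added example (not part of the original post and not Qualys code). The function names and the sample transcript are assumptions constructed for illustration; only the `500 'AUTH GSSAPI'` line comes from the report.

```python
import io
import socket

# Reply codes a server may give to AUTH (RFC 2228; AUTH TLS is RFC 4217).
AUTH_REPLIES = {
    "234": "supported",               # accepted, TLS handshake follows
    "334": "supported",               # accepted, security data expected
    "500": "unsupported",             # command not understood (as in the report)
    "502": "unsupported",             # command not implemented
    "504": "mechanism-unsupported",   # AUTH exists, this mechanism does not
    "534": "refused-by-policy",
    "431": "temporarily-unavailable",
}

def read_reply(rfile):
    """Read one FTP reply, skipping 'NNN-' continuation lines."""
    code = None
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("control connection closed")
        line = raw.decode("latin-1").rstrip("\r\n")
        code = code or line[:3]
        if line[:3] == code and line[3:4] != "-":
            return line

def probe_auth(rfile, wfile, mechanisms=("TLS", "SSL", "GSSAPI")):
    """Send AUTH <mechanism> before login; return (banner, {mechanism: verdict})."""
    banner = read_reply(rfile)
    results = {}
    for mech in mechanisms:
        wfile.write(f"AUTH {mech}\r\n".encode("ascii"))
        wfile.flush()
        results[mech] = AUTH_REPLIES.get(read_reply(rfile)[:3], "unexpected")
        if results[mech] == "supported":
            break  # server now expects a security exchange; stop probing
    return banner, results

def probe_host(host, port=21, timeout=10):
    """Run the probe against a live FTP control port you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("rb") as r, s.makefile("wb") as w:
            return probe_auth(r, w)

# Constructed transcript; the banner and first two replies are illustrative.
SAMPLE = (b"220-Example FTP Service\r\n220 ready\r\n"
          b"500 'AUTH TLS': command not understood\r\n"
          b"500 'AUTH SSL': command not understood\r\n"
          b"500 'AUTH GSSAPI': command not understood\r\n")

if __name__ == "__main__":
    print(probe_auth(io.BytesIO(SAMPLE), io.BytesIO()))
```

A server that answers `234` to `AUTH TLS` would show `{"TLS": "supported"}`; every mechanism coming back `unsupported` matches the scanner's result.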
