Until about 3 weeks ago, we had been PCI compliant. Now the Qualys PCI compliant scanner says our FTP server is not compliant (FTP server does not support the AUTH command). Nothing has changed with the FTP server; Qualys have said the scanner has been updated. Our web server is running Microsoft IIS6.
Can I make the FTP on IIS6 compliant? If so, how?!
QID: 27356
CVSS Base: 4.8
Category: File Transfer Protocol
CVSS Temporal: 4.5
Port/Service: 21 / File Transfer Protocol (tcp)
False Positive: N/A
Bugtraq ID: -
CVE ID: -
Vendor Reference: -
Last Update: 05/02/2012 at 01:17:31
The remote FTP server does not support the AUTH command, which makes FTP clients send credentials in clear text.
If this vulnerability is successfully exploited, attackers can intercept the credentials by eavesdropping on the connection.
Upgrade/migrate to a FTP server that supports the AUTH command.
500 'AUTH GSSAPI': command not understood
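
To reproduce the scanner's check against your own server before and after a change, the following added example (not part of the original post or of Qualys' tooling) sends `AUTH` on port 21 and classifies the reply. The function names are illustrative assumptions, and the host is whatever you pass on the command line.

```python
import io
import socket
import sys

# 234: security exchange accepted (RFC 4217 AUTH TLS);
# 334: mechanism accepted, more security data expected (RFC 2228).
AUTH_OK = {"234", "334"}

def read_reply(f):
    """Read one FTP reply, following "ddd-" continuation lines to the final "ddd " line."""
    lines, code = [], None
    while True:
        raw = f.readline()
        if not raw:  # peer closed the connection
            break
        line = raw.decode("latin-1").rstrip("\r\n")
        lines.append(line)
        code = code or line[:3]
        if line.startswith(code + " "):
            break
    return "\n".join(lines)

def auth_supported(reply):
    """True if the final line of an AUTH reply carries an accepting code."""
    final = reply.splitlines()[-1] if reply.strip() else ""
    return final[:3] in AUTH_OK

def probe(host, port=21, mechanisms=("TLS", "SSL", "GSSAPI"), timeout=10):
    """Send each AUTH mechanism on a fresh connection; map mechanism -> (accepted, reply)."""
    results = {}
    for mech in mechanisms:
        # New connection per attempt: after a 234 the server expects a TLS handshake.
        with socket.create_connection((host, port), timeout=timeout) as s:
            with s.makefile("rwb") as f:
                read_reply(f)  # greeting banner
                f.write(f"AUTH {mech}\r\n".encode("ascii"))
                f.flush()
                reply = read_reply(f)
        results[mech] = (auth_supported(reply), reply)
    return results

if __name__ == "__main__":
    if len(sys.argv) > 1:  # host to check, supplied by the operator
        for mech, (ok, reply) in probe(sys.argv[1]).items():
            print(f"AUTH {mech}: {'supported' if ok else 'NOT supported'} ({reply})")
    else:  # offline demo: the reply quoted in the scan result above
        demo = io.BytesIO(b"500 'AUTH GSSAPI': command not understood\r\n")
        print(auth_supported(read_reply(demo)))
```

A server that answers every mechanism with a 5xx reply, as in the result line above, will keep failing this QID.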