CVE-2010-2073 Information

Description

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test (2) user and (3) roxon accounts which allows remote attackers to read arbitrary files from the FTP server.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776 http://www.openwall.com/lists/oss-security/2010/06/13/2 http://www.securityfocus.com/bid/40839 https://exchange.xforce.ibmcloud.com/vulnerabilities/59431