CVE-2024-7745 Information

Description

In WS_FTP Server versions before 8.8.8 (2022.0.8) a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Reference

https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-August-2024 https://www.progress.com/ftp-server