CVE Vulnerabilities

CVE-2008-5124

Improper Authentication

Published: Nov 18, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Secure_ftp_applet Jscape 2.6 2.6
Secure_ftp_applet Jscape * 4.8.0
Secure_ftp_applet Jscape 3.0.3 3.0.3
Secure_ftp_applet Jscape 3.0.1 3.0.1
Secure_ftp_applet Jscape 1.4 1.4
Secure_ftp_applet Jscape 4.4.0 4.4.0
Secure_ftp_applet Jscape 2.0 2.0
Secure_ftp_applet Jscape 4.7 4.7
Secure_ftp_applet Jscape 4.6.0 4.6.0
Secure_ftp_applet Jscape 1.3 1.3
Secure_ftp_applet Jscape 4.3.0 4.3.0
Secure_ftp_applet Jscape 1.2 1.2
Secure_ftp_applet Jscape 2.5 2.5
Secure_ftp_applet Jscape 3.0.4 3.0.4
Secure_ftp_applet Jscape 1.5 1.5
Secure_ftp_applet Jscape 1.6 1.6
Secure_ftp_applet Jscape 3.0 3.0
Secure_ftp_applet Jscape 4.0 4.0
Secure_ftp_applet Jscape 1.1 1.1
Secure_ftp_applet Jscape 4.5.0 4.5.0
Secure_ftp_applet Jscape 4.2.0 4.2.0
Secure_ftp_applet Jscape 3.0.2 3.0.2
Secure_ftp_applet Jscape 2.1 2.1

Potential Mitigations

References