CatSoft FTP Serv-U Brute-Force Vulnerability
FTP Serv-U is an internet FTP server from CatSoft.
FTP Serv-U contains an anti brute-force security feature which does not indicate whether an account is valid or not: after three unsuccessful login attempts the user is disconnected, and reconnection is not permitted until a specified amount of time has elapsed.
It is possible for a remote user to bypass the anti brute-force function within FTP Serv-U. Once successfully logged into the server, either anonymously or with a valid account, a user can from that point brute-force other usernames and passwords without ever being disconnected.
This could lead to the compromise of other user accounts on the FTP server.
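The weakness described above is a rate limiter that only counts failed logins while a session is still unauthenticated. The following Python model is an added illustration and is not Serv-U code; it assumes a single-connection session, a constructed credential store, a three-failure threshold taken from the advisory, and a constructed log format for the detection check. The weak policy stops counting once the session has authenticated, while the hardened policy counts every failed USER/PASS attempt on the connection regardless of authentication state. A second function shows a defender-side check over server logs: flag sessions that keep failing logins after a successful one.

```python
"""Model of an FTP login failure counter, weak vs. hardened policy.

Constructed illustration (not Serv-U code). The weak policy counts failed
USER/PASS attempts only while the session is unauthenticated; the hardened
policy counts them for the lifetime of the connection.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_FAILURES = 3  # disconnect threshold described in the advisory

# Constructed credential store for the model.
CREDENTIALS = {"anonymous": "", "alice": "correct horse battery"}


@dataclass
class Session:
    authenticated: bool = False
    failures: int = 0
    disconnected: bool = False


def attempt_login(session: Session, user: str, password: str,
                  *, count_after_auth: bool) -> str:
    """Process one USER/PASS pair; return 'ok', 'fail' or 'disconnected'."""
    if session.disconnected:
        return "disconnected"
    if user in CREDENTIALS and CREDENTIALS[user] == password:
        session.authenticated = True
        return "ok"
    # Weak policy: failures on an already authenticated session are ignored,
    # so the connection is never torn down however many attempts are made.
    if session.authenticated and not count_after_auth:
        return "fail"
    session.failures += 1
    if session.failures >= MAX_FAILURES:
        session.disconnected = True
        return "disconnected"
    return "fail"


def replay(attempts, *, count_after_auth: bool):
    """Run a sequence of (user, password) attempts through one session."""
    session = Session()
    return [attempt_login(session, u, p, count_after_auth=count_after_auth)
            for u, p in attempts]


# Constructed sequence: a valid anonymous login followed by four failures.
ATTEMPTS = [
    ("anonymous", ""),
    ("alice", "guess1"),
    ("alice", "guess2"),
    ("alice", "guess3"),
    ("alice", "guess4"),
]

WEAK = replay(ATTEMPTS, count_after_auth=False)
# ['ok', 'fail', 'fail', 'fail', 'fail']  -- never disconnected
HARDENED = replay(ATTEMPTS, count_after_auth=True)
# ['ok', 'fail', 'fail', 'disconnected', 'disconnected']

# Constructed log lines (not Serv-U's real format):
# "<session-id> <client-ip> <event> <username>"
LOG = """\
7 192.0.2.10 LOGIN-OK anonymous
7 192.0.2.10 LOGIN-FAIL alice
7 192.0.2.10 LOGIN-FAIL bob
7 192.0.2.10 LOGIN-FAIL carol
8 192.0.2.11 LOGIN-FAIL dave
8 192.0.2.11 LOGIN-OK dave
"""


def sessions_with_post_auth_failures(log: str, threshold: int = MAX_FAILURES):
    """Return {session_id: failure_count} for sessions that keep failing
    logins after having already authenticated once."""
    authenticated = {}
    counts = defaultdict(int)
    for line in log.splitlines():
        sid, _ip, event, _user = line.split()
        if event == "LOGIN-OK":
            authenticated[sid] = True
        elif event == "LOGIN-FAIL" and authenticated.get(sid):
            counts[sid] += 1
    return {sid: n for sid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("weak    :", WEAK)
    print("hardened:", HARDENED)
    print("suspect :", sessions_with_post_auth_failures(LOG))
```

In a real server the hardened counter should also be keyed on the client address and survive the disconnect, so that reconnecting does not reset it; the model keeps the counter per connection only to isolate the one difference the advisory describes.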