ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability

ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability

ProFTPD is reported prone to a security-restriction-bypass vulnerability because of an error in the AUTH API.

Attackers may exploit this issue to bypass security controls when multiple modules are configured with disparate authentication policies.

ProFTPD 1.2 and 1.3 branches are reported vulnerable; other versions may be affected as well.

NOTE: The latest version in the CVS repository reportedly addresses this issue.