Security Vulnerability: FTP Users with Blank Password Allowed

Overview

Security scans might report "FTP users with Blank Password Allowed".

Solution

Users can access the FTP server with a blank password. Unauthorized users can view sensitive information and, under specific circumstances, may be able to obtain remote shell access.

By default, FTP is disabled in Lithium installation. It is only enabled when the client requests it. SFTP is available to be used if you wish to do so. If you need to use FTP, you must adjust the account and directory access to make it more secure.

Handling OS Security Vulnerabilities in Lithium

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes

Priyanka Bhotika
Posted
Updated

Comments

Please sign in to comment

Security Vulnerability: FTP Users with Blank Password Allowed

Overview

Solution

Related Articles

Priyanka Bhotika

Comments