← CVECheck
HomeVulnerabilities

CVE-2001-1356 — HIGH severity vulnerability (NetWin SurgeFTP 2.0f and earlier encrypts passwords using we)

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

CVE IDCVE-2001-1356
SeverityHIGH
CVSS score10.0
CVSS vectorAV:N/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2001-08-04
Last modified2026-04-16
DescriptionNetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →