[MacPorts] #66784: Able to login in FTP server anonymously
MacPorts
noreply at macports.org
Sun Jan 29 14:16:31 UTC 2023
#66784: Able to login in FTP server anonymously
-------------------------+--------------------
Reporter: Ghost788769 | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Keywords: | Port:
-------------------------+--------------------
Steps Reproduce:
1. Run command: ftp rsync-origin.macports.org
2. Enter username: anonymous & password: anonymous
3. You can logged with ftp server successfully.
4. You have full access to files on that server.
5. You can download,upload,edit or modify files on server.
PoC video:
https://drive.google.com/file/d/1RjZtqS45kPtbT6HOD42GQEuLmNvqcEnY/view?usp=sharing
Impact: Able to sign in with on ftp server remotely.
Thanks,
Can I bug bounty or hall of fame for reporting this issue?
I don't know where to report this issue to the Apple or Macports.
--
Ticket URL: <https://trac.macports.org/ticket/66784>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list