FTP Anonymous Authentication Vulnerability

漏洞信息

漏洞名称: FTP Anonymous Authentication Vulnerability

漏洞类型: 未授权访问

漏洞等级: 中危

漏洞描述: 该漏洞涉及IIS FTP服务器允许匿名访问的问题。IIS(Internet Information Services)是微软提供的一款广泛使用的Web服务器软件,其FTP服务功能在企业内部文件共享和网站管理中常见。通过匿名FTP认证,用户无需提供有效凭证即可连接FTP服务器,这在某些场景下可能带来便利,但也引入了严重的安全隐患。

漏洞的技术根源在于FTP服务的匿名认证功能被启用。这意味着服务器未对访问者进行身份验证,允许任何人连接并可能访问或修改服务器上的文件。这种配置问题通常由于管理员为了方便而忽视了安全最佳实践,或者是在默认安装时未进行适当的安全配置。

此漏洞的影响范围广泛,可能导致敏感信息泄露、数据被篡改或删除,甚至可能被用作进一步攻击的跳板。攻击者可以利用此漏洞无需任何认证即可访问FTP资源,增加了服务器被滥用的风险。虽然漏洞的利用不需要复杂的攻击技术,但其潜在的安全威胁不容忽视,特别是对于存储有敏感数据的服务器。

产品厂商: Microsoft

产品名称: IIS FTP Server

来源: https://github.com/projectdiscovery/nuclei-templates/blob/b740ee6791c0a6d36cac233d23a096ba91d2f060/code%2Fwindows%2Faudit%2Fkisa%2Fftp-anonymous-check.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

id: ftp-anonymous-check

info:
  name: Anonymous FTP Disabled Check
  author: nukunga[SungHyunJeon]
  severity: medium
  description: |
    Ensure that anonymous FTP authentication is disabled on all FTP sites. Allowing anonymous access permits unauthenticated users to connect, which can lead to serious security vulnerabilities.
  impact: |
    If anonymous FTP is enabled, attackers can bypass authentication and potentially gain unauthorized access to FTP resources, posing a significant security risk.
  remediation: |
    Disable anonymous FTP authentication using IIS Manager:
    - Open IIS Manager.
    - Navigate to the FTP site → FTP Authentication.
    - Set "Anonymous Authentication" to Disabled.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/?boardId=bbs_0000000000000004&mode=view&cntId=85
  tags: ftp,iis,security,code,windows-audit,kisa

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Import-Module WebAdministration -ErrorAction SilentlyContinue
      $ftpSites = Get-ChildItem IIS:\Sites | Where-Object { $_.Bindings.Collection.Protocol -eq "ftp" }
      $vulnerable = $false
      foreach ($site in $ftpSites) {
          $anonAuth = Get-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/$($site.Name)" -filter "system.ftpServer/security/authentication/anonymousAuthentication" -name "enabled" -ErrorAction SilentlyContinue
          if ($anonAuth -eq $true) {
              $vulnerable = $true
              break
          }
      }
      if ($vulnerable) {
          "ANONYMOUS_FTP_ENABLED"
      } else {
          "ANONYMOUS_FTP_DISABLED"
      }

    matchers:
      - type: word
        words:
          - "ANONYMOUS_FTP_ENABLED"

Github Poc
#projectdiscovery/nuclei-templates:github issues #未授权访问
FTP Anonymous Authentication Vulnerability
http://example.com/2025/07/10/github_1048629150/
作者
lianccc
发布于
2025年7月10日
许可协议