CVE-2024-7745: 
WS_FTP Server vulnerability analysis and mitigation

CVE-2024-7745 affects WS_FTP Server versions before 8.8.8 (2022.0.8). The vulnerability is related to a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module, which allows users to bypass the second-factor verification and authenticate using only username and password (NVD Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.1 (HIGH) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. Progress Software Corporation, however, rated it with a Base Score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N. The vulnerability is classified under CWE-287 (Improper Authentication), CWE-304 (Missing Critical Step in Authentication), and CWE-290 (Authentication Bypass by Spoofing) (NVD Database).

The vulnerability allows attackers to bypass the multi-factor authentication mechanism, potentially gaining unauthorized access to the system with only username and password credentials. This could lead to unauthorized access to sensitive data and system resources (NVD Database).

Users are advised to upgrade to WS_FTP Server version 8.8.8 (2022.0.8) or later to address this vulnerability. The fix is available through the August 2024 Service Pack (Progress Community).