
How to remediate – Anonymous FTP Enabled

1. Introduction

Anonymous FTP allows anyone to connect to a server without needing a username and password. This is a security risk as it enables unauthorised access to files. Businesses should disable this feature unless absolutely necessary, as any system connected to the internet could be compromised. A successful attack could lead to loss of confidential data, modification of important files, or disruption of service.

2. Technical Explanation

The vulnerability occurs because the FTP server is configured to allow access without authentication. An attacker can connect and list or download any files made available on the server. Note that the scanner plugin referred to in section 3 requires its brute-force setting to be enabled in order to perform this check. CVE-1999-0497 describes this issue. For example, an attacker could simply connect using an FTP client with no credentials and download sensitive documents.

  • Root cause: The FTP server allows anonymous logins by default or through misconfiguration.
  • Exploit mechanism: An attacker connects to the FTP server without providing a username or password and gains access to files.
  • Scope: Any system running an FTP server with anonymous login enabled is affected.

3. Detection and Assessment

You can confirm if a system is vulnerable by attempting an anonymous connection. A thorough method involves using a vulnerability scanner.

  • Quick checks: Use an FTP client to connect to the server without providing credentials. If successful, the system is likely vulnerable.
  • Scanning: Nessus signature ID 20839 can detect this issue. This is provided as an example only.
  • Logs and evidence: Check FTP server logs for connections from anonymous users or failed authentication attempts with no username provided.

Example manual check (the server responds with a 230 "login successful" reply if anonymous access is enabled):

    ftp <server_ip>
    User: anonymous (or leave blank)
    Password: <email_address>
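The manual check above can be scripted so it can be run against every FTP host in an inventory before remediation and again afterwards (section 5). The following is an added example, not code from the original article: it uses Python's standard ftplib, which sends USER anonymous / PASS anonymous@ when login() is called with no arguments, and reports whether the server accepted it. The FakeFtpServer class is a constructed stand-in that answers only USER, PASS and QUIT, so the check can be exercised offline; point anonymous_login_allowed at a real host and port to assess your own servers.

```python
import socket
import threading
from ftplib import FTP, error_perm


def anonymous_login_allowed(host, port=21, timeout=5.0):
    """Attempt an anonymous login against host:port.

    Returns True if the server accepts it and False if it rejects it with a
    5xx reply. Network errors (refused, timeout) propagate as OSError so that
    an unreachable host is never mistaken for a remediated one.
    """
    ftp = FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        # With no arguments ftplib sends USER anonymous / PASS anonymous@
        ftp.login()
        return True
    except error_perm:
        return False
    finally:
        try:
            ftp.quit()
        except (OSError, EOFError):
            ftp.close()


class FakeFtpServer:
    """Constructed stand-in for an FTP daemon, used only so the check can be
    exercised offline. It serves one connection on loopback and understands
    just USER, PASS and QUIT."""

    def __init__(self, allow_anonymous):
        self.allow_anonymous = allow_anonymous
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        self._sock.listen(1)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve_one, daemon=True).start()

    def _serve_one(self):
        conn, _ = self._sock.accept()
        user = None
        with conn:
            conn.sendall(b"220 example FTP service ready\r\n")
            buf = b""
            while True:
                data = conn.recv(1024)
                if not data:
                    return
                buf += data
                while b"\r\n" in buf:
                    line, buf = buf.split(b"\r\n", 1)
                    cmd, _, arg = line.decode("latin-1").partition(" ")
                    cmd = cmd.upper()
                    if cmd == "USER":
                        user = arg.strip().lower()
                        conn.sendall(b"331 Please specify the password.\r\n")
                    elif cmd == "PASS":
                        # Anonymous logins arrive as user 'anonymous' or 'ftp'
                        if user in ("anonymous", "ftp") and self.allow_anonymous:
                            conn.sendall(b"230 Login successful.\r\n")
                        else:
                            conn.sendall(b"530 Login incorrect.\r\n")
                    elif cmd == "QUIT":
                        conn.sendall(b"221 Goodbye.\r\n")
                        return
                    else:
                        conn.sendall(b"502 Command not implemented.\r\n")


if __name__ == "__main__":
    for allowed in (True, False):
        srv = FakeFtpServer(allow_anonymous=allowed)
        result = anonymous_login_allowed("127.0.0.1", srv.port, timeout=2)
        print(f"server allows anonymous={allowed}: check reports {result}")
```

Treat a True result as a finding to remediate and an OSError as "could not assess" rather than as a pass; the three outcomes should be recorded separately when the check is run across an inventory.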

4. Solution / Remediation Steps

Disable anonymous FTP access if it is not required. Routinely check the server for sensitive content.

4.1 Preparation

  • Ensure you have a valid account with sufficient permissions to modify the FTP server settings, and take a backup of the current configuration file before changing it. Rolling back then means restoring that backed-up configuration file.
  • A standard change window may be needed, depending on your organisation’s policies. Approval from the IT security team may also be required.

4.2 Implementation

  1. Step 1: Open the FTP server configuration file (location varies by operating system and FTP software).
  2. Step 2: Locate the setting that enables anonymous access.
  3. Step 3: Disable anonymous access by changing the setting to ‘off’ or commenting it out.
  4. Step 4: Save the configuration file.
  5. Step 5: Restart the FTP service for the changes to take effect.

4.3 Config or Code Example

Before

AnonymousEnable on

After

AnonymousEnable off
# Setting the value explicitly is safer than only commenting the line out: if the
# server's built-in default is 'on', a commented-out line leaves anonymous access enabled.
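The configuration edit in steps 1 to 4 above can be done safely in code rather than by hand. This is an added example, not from the original article: it targets the key=value format used by vsftpd (directive anonymous_enable, which vsftpd defaults to YES when the line is absent, so it is set explicitly rather than removed). The helper replaces an active line, drops duplicate active lines so the file carries one unambiguous value, leaves commented lines untouched, and appends the directive when it is missing; disable_anonymous_ftp writes a .bak copy first so the roll-back in section 7 is always possible. Restarting the service remains a separate step.

```python
import re
from pathlib import Path


def set_directive(config_text, key, value):
    """Return config_text with exactly one active `key=value` line.

    - an existing active line for key is replaced in place
    - further active duplicates are dropped
    - commented-out lines (starting with '#') are left as they are
    - if no active line exists, the directive is appended
    """
    active = re.compile(r"^\s*" + re.escape(key) + r"\s*=")
    new_line = f"{key}={value}"
    out, replaced = [], False
    for line in config_text.splitlines():
        if active.match(line):
            if not replaced:
                out.append(new_line)
                replaced = True
            # duplicates are intentionally not re-emitted
        else:
            out.append(line)
    if not replaced:
        out.append(new_line)
    return "\n".join(out) + "\n"


def disable_anonymous_ftp(conf_path):
    """Back up conf_path to conf_path.bak, then set anonymous_enable=NO.

    Returns the path of the backup so the caller can record it for roll-back.
    """
    path = Path(conf_path)
    original = path.read_text()
    backup = path.with_name(path.name + ".bak")
    backup.write_text(original)
    path.write_text(set_directive(original, "anonymous_enable", "NO"))
    return str(backup)


if __name__ == "__main__":
    # Constructed sample, not a real server's configuration
    sample = "listen=YES\n# anonymous_enable=YES\nanonymous_enable=YES\nlocal_enable=YES\n"
    print(set_directive(sample, "anonymous_enable", "NO"))
```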

4.4 Security Practices Relevant to This Vulnerability

Least privilege and secure defaults can help prevent this issue. For example, restricting the files and directories the FTP server exposes to what authorised users actually need reduces the impact if anonymous login is ever enabled. Using strong authentication methods also improves security.

  • Practice 1: Least privilege – restrict user access to only what they need.
  • Practice 2: Secure defaults – configure services with the most secure settings by default.

4.5 Automation (Optional)

This vulnerability can be remediated using configuration management tools like Ansible or Puppet. This example is for illustrative purposes only and may need adjustment based on your environment.

# Example Ansible play to disable anonymous FTP access on vsftpd
- name: Disable anonymous FTP access
  hosts: ftp_servers
  become: true
  tasks:
    - name: Set anonymous_enable=NO in vsftpd.conf
      ansible.builtin.lineinfile:
        path: /etc/vsftpd.conf   # adjust path as needed (e.g. /etc/vsftpd/vsftpd.conf on some distributions)
        regexp: '^\s*anonymous_enable\s*='
        line: 'anonymous_enable=NO'
        backup: true             # keeps a timestamped copy for roll-back
      notify: Restart vsftpd service
  handlers:
    - name: Restart vsftpd service
      ansible.builtin.service:
        name: vsftpd
        state: restarted

5. Verification / Validation

Confirm the fix by attempting an anonymous connection again. Re-run the earlier detection method to verify the issue is resolved.

  • Post-fix check: Attempt to connect using an FTP client without providing credentials. The connection should fail.
  • Re-test: Run Nessus scan 20839 again, and it should no longer report the vulnerability.
  • Smoke test: Verify that authorised users can still access the FTP server with their valid credentials.
  • Monitoring: Check FTP server logs for failed anonymous login attempts. A spike in these events could indicate ongoing attacks.

Expected result of the manual check after the fix:

    ftp <server_ip>
    User: anonymous (or leave blank)
    Password: <email_address>
    530 Login incorrect.
    Connection closed by foreign host.
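For the "Logs and evidence" check in section 3 and the "Monitoring" item above, the relevant log lines are the OK LOGIN / FAIL LOGIN records. This is an added example, not code from the original article: it parses lines in vsftpd's log style (the format is assumed from vsftpd's documented layout; the sample lines are constructed), separates successful anonymous logins (which mean the fix is not in place) from failed anonymous attempts and from authenticated logins, and flags clients that keep retrying anonymous access.

```python
import re
from collections import Counter

# Constructed sample in vsftpd's log style; not taken from a real server.
SAMPLE_LOG = """\
Mon Oct 27 09:12:01 2025 [pid 2101] CONNECT: Client "192.0.2.10"
Mon Oct 27 09:12:02 2025 [pid 2100] [ftp] OK LOGIN: Client "192.0.2.10", anon password "guest@example.com"
Mon Oct 27 09:12:05 2025 [pid 2102] [ftp] OK DOWNLOAD: Client "192.0.2.10", "/pub/report.pdf", 10240 bytes, 2048.00Kbyte/sec
Mon Oct 27 09:15:44 2025 [pid 2110] CONNECT: Client "198.51.100.7"
Mon Oct 27 09:15:45 2025 [pid 2109] [anonymous] FAIL LOGIN: Client "198.51.100.7"
Mon Oct 27 09:15:46 2025 [pid 2109] [anonymous] FAIL LOGIN: Client "198.51.100.7"
Mon Oct 27 09:16:10 2025 [pid 2120] [alice] OK LOGIN: Client "203.0.113.5"
"""

# Matches only login records; CONNECT / DOWNLOAD lines are ignored.
LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'(?:\[(?P<user>[^\]]*)\] )?(?P<status>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"'
    r'(?:, anon password "(?P<anonpw>[^"]*)")?'
)

# vsftpd records anonymous sessions under the 'ftp' user; attempts against a
# server that rejects them show the username the client sent ('anonymous').
ANON_USERS = {"ftp", "anonymous"}


def summarise_logins(log_text):
    """Classify login records into anonymous successes, anonymous failures per
    client, and authenticated successes."""
    summary = {
        "anonymous_success": [],        # list of (client, anon password given)
        "anonymous_failures": Counter(),  # client -> number of rejected attempts
        "authenticated_success": 0,
    }
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        user = (m.group("user") or "").lower()
        is_anon = user in ANON_USERS or m.group("anonpw") is not None
        if m.group("status") == "OK":
            if is_anon:
                summary["anonymous_success"].append((m.group("client"), m.group("anonpw") or ""))
            else:
                summary["authenticated_success"] += 1
        elif is_anon:
            summary["anonymous_failures"][m.group("client")] += 1
    return summary


def noisy_clients(summary, threshold=2):
    """Clients whose rejected anonymous attempts reach the threshold; these are
    the sources worth reviewing when monitoring after the fix."""
    return sorted(c for c, n in summary["anonymous_failures"].items() if n >= threshold)


if __name__ == "__main__":
    s = summarise_logins(SAMPLE_LOG)
    print("anonymous logins accepted:", s["anonymous_success"])
    print("anonymous attempts rejected:", dict(s["anonymous_failures"]))
    print("authenticated logins:", s["authenticated_success"])
    print("clients to review:", noisy_clients(s))
```

Any entry in anonymous_success after the change window means the fix did not take effect (or was rolled back) and should be treated as a failed verification; the failure counts are what the monitoring bullet above refers to.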

6. Preventive Measures and Monitoring

Update security baselines to include disabling anonymous FTP access. Add checks in CI/CD pipelines to prevent the same fault from being introduced during deployments. For example, a CIS control or GPO setting can enforce this configuration.

  • Baselines: Update your security baseline to disable anonymous FTP by default.
  • Pipelines: Include static code analysis (SCA) checks in CI/CD pipelines to identify insecure configurations.
  • Asset and patch process: Review server configurations regularly as part of a scheduled asset review cycle.

7. Risks, Side Effects, and Roll Back

Disabling anonymous access may break existing applications or workflows that rely on it. To roll back, restore the backed-up configuration file and restart the service.

  • Risk or side effect 1: Existing users relying on anonymous access will be unable to connect.
  • Risk or side effect 2: Applications using anonymous FTP may fail.
  • Roll back: Restore the original FTP server configuration file and restart the service.

8. References and Resources

  • Vendor advisory or bulletin: No specific vendor advisory available for this general configuration issue.
  • NVD or CVE entry: CVE-1999-0497
  • Product or platform documentation relevant to the fix: Refer to your FTP server software’s documentation for specific configuration instructions.
Updated on October 26, 2025
