Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The firewall rule allows inbound TCP traffic on port 20 (FTP data) from any IP address (0.0.0.0/0), exposing the service to the entire internet. This configuration makes the FTP service publicly accessible without restriction.
Impact
Unrestricted FTP access can allow attackers to probe, exploit, or abuse the FTP service from anywhere, increasing the risk of unauthorized data transfer, brute-force attacks, or service misuse. This can lead to data breaches or compromise of other internal resources.
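The following check is an added example, not part of the original page or of the scanner's own code. It flags the condition described above (an inbound allow rule opening TCP port 20 to 0.0.0.0/0) and generalizes it to port ranges that include 20 and to the IPv6 any-address `::/0`. The rule dictionary layout (`direction`, `action`, `protocol`, `ports`, `sources`) and the sample rules are assumptions constructed for illustration, not any provider's schema.

```python
import ipaddress

FTP_DATA_PORT = 20

def covers_port(spec, port):
    """True if a port spec such as "20", "20-21" or "all" includes port."""
    spec = str(spec).strip().lower()
    if spec in ("all", "*"):
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def is_any_source(cidr):
    """True for 0.0.0.0/0 and ::/0: a zero-length prefix matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposes_ftp_data(rule):
    """Flag an inbound allow rule that opens TCP/20 to every address."""
    if rule.get("direction", "ingress").lower() != "ingress":
        return False
    if rule.get("action", "allow").lower() != "allow":
        return False
    if rule.get("protocol", "").lower() not in ("tcp", "all"):
        return False
    ports = rule.get("ports") or ["all"]  # assumption: no port list means all ports
    if not any(covers_port(p, FTP_DATA_PORT) for p in ports):
        return False
    return any(is_any_source(c) for c in rule.get("sources", []))

def findings(rules):
    """Names of the rules that trigger the finding, in input order."""
    return [r["name"] for r in rules if exposes_ftp_data(r)]

# Constructed sample rules (hypothetical names; 203.0.113.0/24 is a documentation range).
RULES = [
    {"name": "ftp-data-open", "direction": "ingress", "action": "allow",
     "protocol": "tcp", "ports": ["20"], "sources": ["0.0.0.0/0"]},
    {"name": "ftp-range-open", "direction": "ingress", "action": "allow",
     "protocol": "tcp", "ports": ["20-21"], "sources": ["::/0"]},
    {"name": "ftp-data-restricted", "direction": "ingress", "action": "allow",
     "protocol": "tcp", "ports": ["20"], "sources": ["203.0.113.0/24"]},
    {"name": "https-open", "direction": "ingress", "action": "allow",
     "protocol": "tcp", "ports": ["443"], "sources": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name in findings(RULES):
        print(f"{name}: TCP/{FTP_DATA_PORT} reachable from any address")
```

The restricted rule passes because its source is a specific CIDR, which is the remediation the finding points toward: limit the source ranges to the addresses that need the service.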