[FALSE-NEGATIVE] ...ftp-weak-credentials failed. #15681

@attack-key

Description

Template IDs or paths

- ...
nuclei-templates/network/default-login/ftp-weak-credentials.yaml

Environment

- OS: CentOS Linux release 7.5.1804 (X86)
- Nuclei: v3.7.1
- Go: no (just running the binary installation package (AMD64))

Target: CentOS Linux release 7.9.2009 (Core) - X86
vsftpd: version 3.0.2

Steps To Reproduce

nuclei -target 172.20.1.98:21 -t /root/nuclei-templates/network/default-login

Relevant dumped responses

[INF] [ftp-weak-credentials] Dumped Network request for 172.20.1.98:21
00000000  55 53 45 52 20 66 74 70  0d 0a 50 41 53 53 20 31  |USER ftp..PASS 1|
00000010  32 33 34 35 36 0d 0a                              |23456..| address=172.20.1.98:21

Compact HEX view:
55534552206674700d0a50415353203132333435360d0a
[DBG] [ftp-weak-credentials] Dumped Network response for 172.20.1.98:21

00000000  32 32 30 20 28 76 73 46  54 50 64 20 33 2e 30 2e  |220 (vsFTPd 3.0.|
00000010  32 29 0d 0a 33 33 31 20  50 6c 65 61 73 65 20 73  |2)..331 Please s|
00000020  70 65 63 69 66 79 20 74  68 65 20 70 61 73 73 77  |pecify the passw|
00000030  6f 72 64 2e 0d 0a                                 |ord...|
[INF] [ftp-weak-credentials] Dumped Network request for 172.20.1.98:21
00000000  55 53 45 52 20 61 64 6d  69 6e 0d 0a 50 41 53 53  |USER admin..PASS|
00000010  20 70 61 73 73 77 6f 72  64 0d 0a                 | password..| address=172.20.1.98:21

Compact HEX view:
555345522061646d696e0d0a504153532070617373776f72640d0a
[INF] [ftp-weak-credentials] Dumped Network request for 172.20.1.98:21
00000000  55 53 45 52 20 66 74 70  0d 0a 50 41 53 53 20 70  |USER ftp..PASS p|
00000010  61 73 73 77 6f 72 64 0d  0a                       |assword..| address=172.20.1.98:21

Compact HEX view:
55534552206674700d0a504153532070617373776f72640d0a
[DBG] [ftp-weak-credentials] Dumped Network response for 172.20.1.98:21

00000000  32 32 30 20 28 76 73 46  54 50 64 20 33 2e 30 2e  |220 (vsFTPd 3.0.|
00000010  32 29 0d 0a                                       |2)..|
[DBG] [ftp-weak-credentials] Dumped Network response for 172.20.1.98:21

00000000  32 32 30 20 28 76 73 46  54 50 64 20 33 2e 30 2e  |220 (vsFTPd 3.0.|
00000010  32 29 0d 0a 33 33 31 20  50 6c 65 61 73 65 20 73  |2)..331 Please s|
00000020  70 65 63 69 66 79 20 74  68 65 20 70 61 73 73 77  |pecify the passw|
00000030  6f 72 64 2e 0d 0a                                 |ord...|
[INF] [ftp-weak-credentials] Dumped Network request for 172.20.1.98:21
00000000  55 53 45 52 20 66 74 70  0d 0a 50 41 53 53 20 64  |USER ftp..PASS d|
00000010  65 66 61 75 6c 74 0d 0a                           |efault..| address=172.20.1.98:21

Anything else?

I'm currently validating the FTP weak password detection function. I added an FTP account (ftp) with the password 123456 to the ftp-weak-credentials template located at nuclei-templates/network/default-login/ftp-weak-credentials. I executed the command:
nuclei -target 172.20.1.98:21 -t /root/nuclei-templates/network/default-login --rl 1 --debug -vv
The tool failed to detect the existence of the weak password, yet I can see that the login was successful in the packet capture. Below is the detailed information:

I tried deleting all other accounts and passwords in the ftp-weak-credentials.yaml file, leaving only ftp/123456. The result was still the same — it wasn’t detected.
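
Added example, not part of the original report and not nuclei's own code: a parser for the FTP control-channel bytes shown in the dumped responses above. Each dumped response ends at the 220 greeting or the 331 reply, so the server's answer to PASS is not in the captured bytes, and the sketch separates that "incomplete" case from an actual rejection. The 230 and 530 samples and all function names are constructed for illustration.

```python
import re

# Bytes of the dumped network response in this report: greeting plus reply to USER.
DUMPED = b"220 (vsFTPd 3.0.2)\r\n331 Please specify the password.\r\n"
# Constructed samples (not from the report): same stream plus a final reply to PASS.
CONSTRUCTED_OK = DUMPED + b"230 Login successful.\r\n"
CONSTRUCTED_FAIL = DUMPED + b"530 Login incorrect.\r\n"

LINE = re.compile(rb"(\d{3})([ -])(.*)")


def parse_replies(stream):
    """Return the complete RFC 959 replies in stream as (code, text) tuples.

    A multi-line reply opens with 'NNN-' and closes on a line starting 'NNN '.
    A trailing partial line or an unclosed multi-line reply is dropped.
    """
    replies, open_code, text = [], None, []
    for line in stream.split(b"\r\n")[:-1]:  # last piece is empty or a partial line
        m = LINE.fullmatch(line)
        if open_code is None:
            if not m:
                continue  # not a reply line
            code, sep, rest = m.groups()
            if sep == b" ":
                replies.append((int(code), rest.decode("latin-1")))
            else:
                open_code, text = code, [rest]
        elif m and m.group(1) == open_code and m.group(2) == b" ":
            text.append(m.group(3))
            replies.append((int(open_code), b"\n".join(text).decode("latin-1")))
            open_code, text = None, []
        else:
            text.append(line)
    return replies


def login_verdict(stream):
    """Classify a pipelined USER/PASS exchange as accepted, rejected or incomplete."""
    codes = [code for code, _ in parse_replies(stream)]
    # Skip the 220 greeting and 1xx/3xx intermediate replies such as 331.
    final = [c for c in codes if c != 220 and c // 100 not in (1, 3)]
    if not final:
        return "incomplete"  # the answer to PASS was never captured
    return "accepted" if final[0] == 230 else "rejected"


if __name__ == "__main__":
    for name, data in [("dumped", DUMPED), ("ok", CONSTRUCTED_OK), ("fail", CONSTRUCTED_FAIL)]:
        print(name, login_verdict(data))
```

Run against the dumped bytes, the verdict is "incomplete", which is a different result from "rejected" and is worth reporting separately when triaging a false negative like this one.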

Labels: false-negative (Nuclei template missing valid results)
