Another take on Cisco IOS FTP Server flaws
Last Thursday, SCMagazine.com ran a story on Cisco’s disclosure of multiple flaws in the IOS FTP Server that can result in DoS attacks or in malicious users gaining unauthorized privileges.
A quick rundown: one flaw exists when verifying user credentials in the IOS FTP Server, while the other occurs when transferring files via the FTP Server. The flaws exist in IOS versions 11 and 12.
At the time of disclosure, Adam Powers, Lancope CTO, told us that the vulnerabilities weren’t a major risk for network administrators because the FTP server is off by default.
Chris Eng, writing on the Veracode blog Zero in a Bit, has a different opinion on the flaws that’s worth checking out. He contends that the flaws are much more serious, asking if they’re “an intentional backdoor planted in the codebase or just a horribly dumb implementation error.”