BlackMoon FTP Server blackmoon.mdb Plaintext Password Disclosure

medium Nessus Plugin ID 11649

Synopsis

The remote FTP server is affected by a password disclosure vulnerability.

Description

BlackMoon FTP server is installed on the remote host. FTP usernames and passwords are stored on the server in plaintext in a filed called 'blackmoon.mdb.' Any user with an account on this host may read the credentials stored in this file, and use them to connect to this FTP server.

Solution

Upgrade to the latest version of BlackMoon FTP.

See Also

https://marc.info/?l=bugtraq&m=105353283720837&w=2

Plugin Details

Severity: Medium

ID: 11649

File Name: blackmoon_ftp_users_database.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 5/27/2003

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/20/2003

Reference Information

CVE: CVE-2003-0342

BID: 7646

Secunia: 8840