DataWizard FTPXQ Default Accounts

This script is Copyright (C) 2006-2014 Justin Seitz


Synopsis :

The remote FTP server has one or more default test accounts.

Description :

The version of DataWizard FTPXQ that is installed on the remote host
has one or more default accounts setup which can allow an attacker to
read and / or write arbitrary files on the system.

See also :

http://attrition.org/pipermail/vim/2006-November/001107.html

Solution :

Disable or change the password for any unnecessary user accounts.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.8
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 23642 (datawizard_ftpxq_test_accts.nasl)

Bugtraq ID: 20721

CVE ID: CVE-2006-5569