FTP Supports Cleartext Authentication

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

Authentication credentials might be intercepted.

Description :

The remote FTP server allows the user's name and password to be
transmitted in cleartext, which could be intercepted by a network
sniffer or a man-in-the-middle attack.

Solution :

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In
the latter case, configure the server so that control connections are

Risk factor :

Low / CVSS Base Score : 2.6

Family: FTP

Nessus Plugin ID: 34324 (ftp_clear_text_credentials.nasl)

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial