FTP Supports Clear Text Authentication

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

Authentication credentials might be intercepted.

Description :

The remote FTP server allows the user's name and password to be
transmitted in clear text, which could be intercepted by a network
sniffer or a man-in-the-middle attack.

Solution :

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS).
In the latter case, configure the server so that control connections
are encrypted.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: FTP

Nessus Plugin ID: 34324 (ftp_clear_text_credentials.nasl)

Bugtraq ID:

CVE ID: