CesarFTP settings.ini Authentication Credential Plaintext Disclosure

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is storing unencrypted passwords on disk.

Description :

The remote host is running CesarFTP.

Due to a design flaw in the program, the usernames and passwords of
FTP users are stored in plaintext in the file 'settings.ini'. Any user
with an account on this host may read this file and use the passwords
to connect to this FTP server.

See also :

http://seclists.org/bugtraq/2001/May/248
http://seclists.org/bugtraq/2003/May/211

Solution :

There is no known solution at this time.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: Windows

Nessus Plugin ID: 11640 (cesarftp_passwd.nasl)

Bugtraq ID:

CVE ID: CVE-2001-1336
CVE-2003-0329
