BlackMoon FTP Server blackmoon.mdb Plaintext Password Disclosure

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a password disclosure
vulnerability.

Description :

BlackMoon FTP server is installed on the remote host. FTP usernames
and passwords are stored on the server in plaintext in a filed called
'blackmoon.mdb.' Any user with an account on this host may read the
credentials stored in this file, and use them to connect to this FTP
server.

See also :

http://marc.info/?l=bugtraq&m=105353283720837&w=2

Solution :

Upgrade to the latest version of BlackMoon FTP.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11649 (blackmoon_ftp_users_database.nasl)

Bugtraq ID: 7646

CVE ID: CVE-2003-0342

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now