PFTP Cleartext Local Password Disclosure

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that stores user names and
passwords in cleartext.

Description :

The remote web server is running PFTP.

This software stores the list of user names and passwords in clear
text in \Program Files\PFTP\PFTPUSERS3.USR.

An attacker with a full access to this host may use this flaw to gain
access to other FTP servers used by the same users.

Solution :


Risk factor :

Medium / CVSS Base Score : 4.6

Family: Windows

Nessus Plugin ID: 11693 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now