PFTP Cleartext Local Password Disclosure

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that stores user names and
passwords in cleartext.

Description :

The remote web server is running PFTP.

This software stores the list of user names and passwords in clear
text in \Program Files\PFTP\PFTPUSERS3.USR.

An attacker with a full access to this host may use this flaw to gain
access to other FTP servers used by the same users.

Solution :

n/a

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Windows

Nessus Plugin ID: 11693 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now