FTP Supports Cleartext Authentication

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

Authentication credentials might be intercepted.

Description :

The remote FTP server allows the user's name and password to be
transmitted in cleartext, which could be intercepted by a network
sniffer or a man-in-the-middle attack.

Solution :

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In
the latter case, configure the server so that control connections are

Risk factor :

Low / CVSS Base Score : 2.6

Family: FTP

Nessus Plugin ID: 34324 (ftp_clear_text_credentials.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now