CesarFTP settings.ini Authentication Credential Plaintext Disclosure

Low Nessus Plugin ID 11640


The remote FTP server is storing unencrypted passwords on disk.


The remote host is running CesarFTP.

Due to a design flaw in the program, the plaintext usernames and passwords of FTP users are stored in the file 'settings.ini'. Any user with an account on this host may read this file and use the password to connect to this FTP server.


There is no known solution at this time.

Plugin Details

Severity: Low

ID: 11640

File Name: cesarftp_passwd.nasl

Version: $Revision: 1.18 $

Type: local

Agent: windows

Family: Windows

Published: 2003/05/20

Modified: 2016/11/15

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:aclogic:cesarftp

Required KB Items: SMB/Registry/Enumerated

Vulnerability Publication Date: 2001/05/28

Reference Information

CVE: CVE-2001-1336, CVE-2003-0329

OSVDB: 12056