CesarFTP settings.ini Authentication Credential Plaintext Disclosure
Low Nessus Plugin ID 11640
SynopsisThe remote FTP server is storing unencrypted passwords on disk.
DescriptionThe remote host is running CesarFTP.
Due to a design flaw in the program, the plaintext usernames and passwords of FTP users are stored in the file 'settings.ini'. Any user with an account on this host may read this file and use the password to connect to this FTP server.
SolutionThere is no known solution at this time.