BlackMoon FTP Server blackmoon.mdb Plaintext Password Disclosure

Medium Nessus Plugin ID 11649


The remote FTP server is affected by a password disclosure vulnerability.


BlackMoon FTP server is installed on the remote host. FTP usernames and passwords are stored on the server in plaintext in a filed called 'blackmoon.mdb.' Any user with an account on this host may read the credentials stored in this file, and use them to connect to this FTP server.


Upgrade to the latest version of BlackMoon FTP.

See Also

Plugin Details

Severity: Medium

ID: 11649

File Name: blackmoon_ftp_users_database.nasl

Version: $Revision: 1.18 $

Type: local

Agent: windows

Family: Windows

Published: 2003/05/27

Modified: 2015/06/23

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/05/20

Reference Information

CVE: CVE-2003-0342

BID: 7646

OSVDB: 12078

Secunia: 8840