WS_FTP Pro Client Weak Password Encrypted

Low Nessus Plugin ID 14597


The remote FTP client is using weak encryption.


The version of WS_FTP client installed on the remote host uses a weak encryption method to store password information. A local attacker could exploit this to discover FTP passwords.


Upgrade to the latest version of WS_FTP client.

Plugin Details

Severity: Low

ID: 14597

File Name: ws_ftp_client_weak_stored_pass.nasl

Version: $Revision: 1.14 $

Type: local

Agent: windows

Family: Windows

Published: 2004/09/01

Modified: 2012/07/20

Dependencies: 12108

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:ipswitch:ws_ftp

Required KB Items: ws_ftp_client/version

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/07/29

Reference Information

CVE: CVE-1999-1078

BID: 547

OSVDB: 10356