FTP Credentials Disclosure

medium Web App Scanning Plugin ID 113080

Language:

Synopsis

FTP Credentials Disclosure

Description

The web server on the remote host contains publicly accessible FTP configuration files. These configuration files are produced by ftp software and contain details of ftp credentials and/or hosts and other potentially sensitive information. This may be used to access content from the FTP server that might otherwise be private.

Solution

Remove the listed FTP configuration files.

See Also

https://codexns.io/products/sftp_for_sublime/settings

https://filezillapro.com/docs/v3/advanced/how-to-configure-filezilla-pro-defaults-file-fzdefaults-xml/

Plugin Details

Severity: Medium

ID: 113080

Type: remote

Family: Data Exposure

Published: 12/21/2021

Updated: 1/17/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information

CWE: 538

OWASP: 2010-A6, 2013-A5, 2017-A6, 2021-A1

WASC: Predictable Resource Location

CAPEC: 95

DISA STIG: APSC-DV-002480

HIPAA: 164.312(a)(1), 164.312(a)(2)(i)

ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5

NIST: sp800_53-AC-3

OWASP API: 2019-API3, 2019-API7, 2023-API3, 2023-API8

PCI-DSS: 3.2-2.2