• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Blackmoon FTP Server Plaintext User Password Weakness

Blackmoon FTP Server stores authentication credentials for the FTP service on the local system in plaintext. Local users with access to the file containing the password may gain unauthorized access to the server as a result.

Exposure of authentication credentials may also lead to compromise of other services/resources if the same credentials are commonly used.

It should be noted that although this weakness was reported to affect Blackmoon FTP server version 2.6, previous versions might also be affected.