CoffeeCup FTP Clients Weak Password Encryption Vulnerability

A vulnerability exists in the FTP clients CoffeCupt Direct and CoffeeCup Free.

The clients use the file FTPServers.ini to store password information for sites to which the client has been connected. The encryption method designed to obfuscate these passwords can be easily defeated.

As a result, a malicious user able to read the FTPServers.ini will be able to obtain the passwords to any of the stored FTP servers, compromising their security.


Privacy Statement
Copyright 2010, SecurityFocus