CesarFTP Plaintext Password Storage Vulnerability

CesarFTP is a freely available FTP Server for Microsoft Windows 9x/ME systems.

CesarFTP stores the plaintext passwords of FTP user accounts in a file called 'settings.ini'.

Any user to view this file would be able to log into the FTP server as any ftp user on the system. This vulnerability may also compromise other places where the users authenticate, if they use the same password.


 

Privacy Statement
Copyright 2010, SecurityFocus