Cooolsoft PowerFTP Server Plaintext Account Information Vulnerability

PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is maintained by Cooolsoft.

PowerFTP stores FTP account information in plaintext on the local system in a file called "ftpserver.ini".

By itself, this issue should be considered exploitable by a local attacker. However, it may be exploitable remotely by an FTP user via a known directory traversal vulnerability in PowerFTP, for example BugTraq ID 3593, "Cooolsoft PowerFTP Server Directory Traversal Vulnerability".

Copyright 2010, SecurityFocus