Plaintext Password Storage Vulnerability in GuildFTPd by GuildFTPD
CVE-2001-0768

Currently unrated

Key Information:

Vendor: Steve Poulsen
Status: Guildftpd
Vendor: CVE Published:; 18 October 2001

🔔 Create Steve Poulsen Vulnerability Alert

What is CVE-2001-0768?

The vulnerability in GuildFTPd 0.9.7 arises from the insecure storage of usernames and passwords in plaintext within the default.usr file. This allows local users to easily access this file and potentially elevate their privileges by impersonating other FTP users. As a result, the exposure of sensitive credentials can lead to unauthorized access and compromise of other accounts within the system, highlighting the critical need for secure password management practices in FTP software.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6611

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/2792

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2001-05/02...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2001
Vulnerability Reserved
Oct 12, 2001