Information Disclosure in ASG/ProxySG FTP Proxy WebFTP Mode by Symantec
CVE-2018-18371
6.5MEDIUM
What is CVE-2018-18371?
The ASG/ProxySG FTP proxy WebFTP mode contains a vulnerability that can be exploited by malicious users to gain unauthorized access to plain-text authentication credentials. When users access FTP servers through a web browser via the ftp:// URL, the WebFTP mode unintentionally exposes sensitive information about these FTP sessions, allowing attackers to intercept credentials from the web listing of the FTP server.
Affected Version(s)
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7 prior to 6.7.4.2
Symantec ProxySG 6.5 prior to 6.5.10.15
Symantec ProxySG 6.6