Cleartext Password Exposure in FileZilla by Multi-Vendor Software
CVE-2022-29620

6.5MEDIUM

Key Information:

Vendor

Filezilla-project

Status
Filezilla Client
Vendor
CVE Published:
7 June 2022

What is CVE-2022-29620?

FileZilla Client version 3.59.0 has a significant vulnerability that allows attackers to extract cleartext passwords of connected SSH or FTP servers from memory dumps. This may lead to unauthorized access to sensitive information stored in those connections. Despite the implications of this vulnerability, the vendor does not classify it as a significant security issue, which has raised concerns in the cybersecurity community regarding the protection of user credentials. Organizations using this version should be aware of the potential risks associated with the handling of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://youtu.be/eSlfQQytIq0
x_refsource_MISC
https://whichbuffer.medium.com/filezilla-client-cleartext...
x_refsource_MISC
https://youtu.be/ErZl1i7McHk
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.