Lucene search

[email protected]CVE-1999-1337

HistoryAug 01, 1999 - 4:00 a.m.

CVE-1999-1337

1999-08-0104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1337

midnight commander

ftp

plaintext storage

privilege escalation

nvd

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

CPENameOperatorVersion
midnight_commander:midnight_commandermidnight commanderle4.5.11

CPE	Name	Operator	Version
midnight_commander:midnight_commander	midnight commander	le	4.5.11

References

marc.info/?l=bugtraq&m=93370073207984&w=2

www.iss.net/security_center/static/9873.php

www.osvdb.org/5921

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON