Lucene search

[email protected]CVE-2004-2400

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2400

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2400

winftp server

plaintext credentials

data security

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.

CPENameOperatorVersion
winftp_server:winftp_serverwinftp servereq1.6

CPE	Name	Operator	Version
winftp_server:winftp_server	winftp server	eq	1.6

References

secunia.com/advisories/13304

securitytracker.com/id?1012321

www.osvdb.org/12122

www.securityfocus.com/bid/11749

exchange.xforce.ibmcloud.com/vulnerabilities/18247

7.5 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON