Lucene search

MitreCVE-2005-4066

HistoryDec 07, 2005 - 11:03 a.m.

CVE-2005-4066

2005-12-0711:03:00

CWE-310

mitre

web.nvd.nist.gov

total commander

6.53

weak encryption

ftp

password

vulnerability

nvd

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

5.1%

JSON

Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.

Affected configurations

Nvd

Node

christian_ghislertotal_commanderMatch6.53

VendorProductVersionCPE
christian_ghislertotal_commander6.53cpe:2.3:a:christian_ghisler:total_commander:6.53:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
christian_ghisler	total_commander	6.53	cpe:2.3:a:christian_ghisler:total_commander:6.53:::::::*

References

securitytracker.com/id?1015311

www.networksecurity.fi/advisories/total-commander.html

www.vupen.com/english/advisories/2005/2780

exchange.xforce.ibmcloud.com/vulnerabilities/23497

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-4066