3 matches found
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
CVE-2020-6857
CVE-2020-6857 : CarbonFTP v1.4 contains insecure proprietary password encryption with a hard-coded weak encryption key; the key for local FTP server passwords is hard-coded in the binary. The CVE entry identifies the root cause as this hard-coded key, enabling weak protection of passwords. What’s...