Vulnerability Details CVE-2005-1092
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lostmon.blogspot.com/2005/04/deluxeftp-plain-text-passwords.html
- http://secunia.com/advisories/14923
- http://www.osvdb.org/15421
- http://www.securityfocus.com/bid/13105
- http://lostmon.blogspot.com/2005/04/deluxeftp-plain-text-passwords.html
- http://secunia.com/advisories/14923
- http://www.osvdb.org/15421
- http://www.securityfocus.com/bid/13105
Products affected by CVE-2005-1092
-
cpe:2.3:a:light_speed_technology:deluxeftp:6.0.1
-
cpe:2.3:a:light_speed_technology:deluxeftp:7.0.1_beta