Ncftp · Ncftp Client · CVE-2004-1948
**Name of the Vulnerable Software and Affected Versions**
NcFTP client versions 3.1.6 through 3.1.7
**Description**
The issue allows local users to obtain sensitive information, such as usernames and passwords, when they are included in an FTP URL provided on the command line. This is possible because the URL is displayed in the process list when using commands like "ps aux".
**Recommendations**
For NcFTP client versions 3.1.6 and 3.1.7, avoid including the `username` and `password` in the FTP URL when providing it on the command line. As a temporary workaround, consider using alternative methods for authentication that do not expose sensitive information in the process list.