PT-2002-2660 · Flashfxp · Flashfxp

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-1939

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions FlashFXP version 1.4

Description The issue allows attackers to obtain FTP passwords of other users by editing the queue properties when there are transfers in the queue, as FlashFXP prints FTP passwords in plaintext.

Recommendations For FlashFXP version 1.4, consider restricting access to the queue properties to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid editing queue properties when there are transfers in the queue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-1939

Produtos afetados

Flashfxp

PT-2002-2660 · Flashfxp · Flashfxp

CVE-2002-1939

Identificadores relacionados

Produtos afetados

Referências · 4