PT-2017-13959 · Microsoft · Psftpd
Published: 2017-11-15 · Updated: 2019-10-03
CVE-2017-15272
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
PSFTPd version 10.0.4 Build 729
Description
PSFTPd stores its configuration data in a Microsoft Access Database file named PSFTPd.dat. The application sets the password "ITsILLEGAL" on this file, but the data can be extracted without that password. Furthermore, user passwords are stored in cleartext.
Recommendations
For PSFTPd version 10.0.4 Build 729, consider changing the way configuration data is stored and securing user passwords to prevent unauthorized access. As a temporary workaround, restrict access to the PSFTPd.dat file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
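One way to check the temporary workaround above, as an added PowerShell example that is not part of the original advisory or of PSFTPd: it lists every access-control entry that lets a principal outside an allow-list read PSFTPd.dat. The file path, the allow-list and the helper name `Get-UnexpectedReadAccess` are assumptions made for illustration.

```powershell
# Added example: audit who can read PSFTPd.dat (the file holding cleartext passwords).
# Assumption: the path below is a placeholder; the advisory does not give the install location.
$DatPath = 'C:\PLACEHOLDER\PSFTPd.dat'
# Assumption: only these principals need access; add the account the service runs as.
$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Hypothetical helper: returns every Allow ACE that grants read access to a
# principal outside the allow-list, including ACEs inherited from the folder.
function Get-UnexpectedReadAccess {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedPrincipals
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $read = [System.Security.AccessControl.FileSystemRights]::ReadData
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $read) -and
            ($AllowedPrincipals -notcontains $_.IdentityReference.Value)
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

$findings = @(Get-UnexpectedReadAccess -Path $DatPath -AllowedPrincipals $Allowed)
if ($findings.Count -eq 0) {
    Write-Output "OK: only allow-listed principals can read $DatPath"
} else {
    Write-Warning "Principals outside the allow-list can read $DatPath :"
    $findings | Format-Table -AutoSize
}
```

Entries reported with `IsInherited` set to true come from the parent folder, so they have to be removed there or inheritance has to be disabled on the file (for example with `icacls <file> /inheritance:r`) before explicit grants are tightened. The check only looks at Allow entries and does not change the fact that the passwords inside the file remain in cleartext.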
Insufficiently Protected Credentials
Improper Authentication
Affected Products
Psftpd