PT-2018-10651 · Olive Tree · Olive Tree Ftp Server

Manhnho

Publicado

2018-05-29

Atualizado

2025-11-11

CVE-2018-11544

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Olive Tree Ftp Server application version 1.32

Description The issue concerns insecure data storage. Specifically, a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared prefs/com.theolivetree.ftpserver preferences.xml file as the prefUsername and prefUserpass strings.

Recommendations For The Olive Tree Ftp Server application version 1.32, consider removing or securely storing the prefUsername and prefUserpass strings from the shared preferences file to mitigate the risk of insecure data storage. As a temporary workaround, restrict access to the shared preferences file to minimize the risk of exploitation.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-11544

Produtos afetados

Olive Tree Ftp Server

PT-2018-10651 · Olive Tree · Olive Tree Ftp Server

CVE-2018-11544

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5