PT-2004-2845 · Ncftp · Ncftp Client

Konstantin Gavrilenko · Published 2004-04-20 · Updated 2017-07-11 · CVE-2004-1948

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NcFTP client versions 3.1.6 through 3.1.7

Description

The issue allows local users to obtain sensitive information, such as usernames and passwords, when they are included in an FTP URL provided on the command line. This is possible because the URL is displayed in the process list when using commands like "ps aux".

Recommendations

For NcFTP client versions 3.1.6 and 3.1.7, avoid including the username and password in the FTP URL when providing it on the command line. As a temporary workaround, consider using alternative methods for authentication that do not expose sensitive information in the process list.
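
An added example, not part of the original advisory: a Python check that flags URLs carrying an embedded password in process command lines (the same data "ps aux" displays) and redacts the password in its report. The sample argument lists and the `ncftp` invocation form are constructed for illustration; `scan_proc` assumes a Linux `/proc` filesystem.

```python
import os
from urllib.parse import urlsplit

def exposed_url_credentials(argv):
    """Return (user, redacted_url) for each argument that is a URL with a password."""
    findings = []
    for arg in argv:
        if "://" not in arg:
            continue
        try:
            parts = urlsplit(arg)
        except ValueError:
            continue  # malformed URL (e.g. bad IPv6 literal); nothing to report
        if not parts.password:
            continue  # no userinfo, or a user name without a password
        # Everything after the last '@' is host[:port]; passwords may contain '@'.
        host = parts.netloc.rpartition("@")[2]
        redacted = parts._replace(netloc=f"{parts.username}:***@{host}").geturl()
        findings.append((parts.username, redacted))
    return findings

def scan_proc(proc_root="/proc"):
    """Linux only: inspect every readable /proc/<pid>/cmdline."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = fh.read().decode("utf-8", "replace").split("\0")
        except OSError:
            continue  # process exited or its cmdline is not readable
        found = exposed_url_credentials(argv)
        if found:
            results[int(entry)] = found
    return results

# Constructed sample argument lists (not taken from the advisory).
SAMPLE = {
    101: ["ncftp", "ftp://alice:s3cret@ftp.example.com/pub/file.tgz"],
    102: ["ncftp", "ftp://ftp.example.com/pub/file.tgz"],
    103: ["ncftp", "ftp://anonymous@ftp.example.com/readme"],
}

if __name__ == "__main__":
    for pid, argv in SAMPLE.items():
        print(pid, exposed_url_credentials(argv))
    if os.path.isdir("/proc"):
        print(scan_proc())
```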


Related identifiers

CVE-2004-1948

Affected products

Ncftp Client