PT-2006-6643 · Selenium · Seleniumserver Ftp Server

Published

2006-11-20

Updated

2017-07-20

CVE-2006-5982

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SeleniumServer FTP Server version 1.0, and possibly earlier

Description The issue allows attackers to obtain passwords by reading a file where user passwords are stored in plaintext in the Servers directory.

Recommendations For SeleniumServer FTP Server version 1.0, and possibly earlier, consider changing all passwords stored in the Servers directory to mitigate the risk of exploitation. As a temporary workaround, restrict access to the Servers directory to minimize the risk of attackers reading the plaintext passwords.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2006-5982

Affected Products

Seleniumserver Ftp Server

PT-2006-6643 · Selenium · Seleniumserver Ftp Server

CVE-2006-5982

Weakness Enumeration

Related Identifiers

Affected Products

References · 5