PT-2008-5890 · Vim

Jan Lieskovsky · Published 2008-10-22 · Updated 2017-08-08 · CVE-2008-4677

CVSS v2.0

4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

autoload/netrw.vim (aka the Netrw Plugin) versions prior to 133k for Vim 7.1 and 7.2

Description

The issue allows remote FTP servers to obtain sensitive information by logging the usernames and passwords they receive when the user attempts to establish subsequent FTP sessions to servers on different hosts. This occurs because the software stores the credentials for an FTP session and sends those credentials when attempting to establish subsequent FTP sessions.

Recommendations

For versions prior to 133k, update to version 133k or later to resolve the issue. As a temporary workaround, consider restricting the use of the Netrw Plugin for FTP sessions to minimize the risk of exploitation. Avoid using the same username and password across different FTP servers until the issue is resolved.
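
The credential reuse described above can be modelled in a few lines. This is an added example, not code from netrw or from this advisory: the class names, host names and credentials are constructed, and keying stored credentials by host is shown as one way to avoid the reuse, not as a description of how version 133k fixes it.

```python
"""Constructed model of the credential-reuse flaw; not netrw's actual code."""
from dataclasses import dataclass, field


@dataclass
class FakeFtpServer:
    """Stand-in for a remote FTP server that records every login it is offered."""
    host: str
    seen_logins: list = field(default_factory=list)

    def login(self, user, password):
        self.seen_logins.append((user, password))


class SharedCredentialClient:
    """Pre-fix behaviour as the advisory describes it: one stored credential
    pair is sent to whatever host the next session targets."""

    def __init__(self):
        self._stored = None

    def connect(self, server, prompt):
        if self._stored is None:
            self._stored = prompt(server.host)
        server.login(*self._stored)


class HostScopedCredentialClient:
    """Hardened behaviour: credentials are keyed by host, so a new host
    always triggers a fresh prompt and never receives another host's pair."""

    def __init__(self):
        self._stored = {}

    def connect(self, server, prompt):
        if server.host not in self._stored:
            self._stored[server.host] = prompt(server.host)
        server.login(*self._stored[server.host])


def run_sessions(client_cls):
    """Open sessions to two different hosts; return what the second host saw."""
    answers = {"ftp.internal.example": ("alice", "s3cret-internal"),
               "ftp.other.example": ("anonymous", "guest")}
    first = FakeFtpServer("ftp.internal.example")
    second = FakeFtpServer("ftp.other.example")
    client = client_cls()
    for server in (first, second):
        client.connect(server, lambda host: answers[host])
    return second.seen_logins
```

With the shared store, the second host's login record contains the first host's username and password; with the host-keyed store it contains only the credentials entered for that host.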

Related Identifiers

CVE-2008-4677
ECHO-221D-CEF9-D3F8

Affected Products

Debian
Netrw Plugin
Vim