PT-2018-10651 · Olive Tree · Olive Tree Ftp Server
Manhnho
·
Published
2018-05-29
·
Updated
2025-11-11
·
CVE-2018-11544
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Olive Tree Ftp Server application version 1.32
Description
The issue concerns insecure data storage. Specifically, a
username and password are stored in the /data/data/com.theolivetree.ftpserver/shared prefs/com.theolivetree.ftpserver preferences.xml file as the prefUsername and prefUserpass strings.Recommendations
For The Olive Tree Ftp Server application version 1.32, consider removing or securely storing the
prefUsername and prefUserpass strings from the shared preferences file to mitigate the risk of insecure data storage. As a temporary workaround, restrict access to the shared preferences file to minimize the risk of exploitation.Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Olive Tree Ftp Server