CVE-2020-6857

Name of the Vulnerable Software and Affected Versions CarbonFTP version 1.4

Description The issue concerns the use of insecure proprietary password encryption in CarbonFTP. Specifically, the software uses a hard-coded weak encryption key for local FTP server passwords, which is embedded directly in the binary. This poses a significant risk to the security of passwords stored by the application.

Recommendations For CarbonFTP version 1.4, consider disabling the use of the proprietary password encryption mechanism until a secure alternative is implemented. Restrict access to the local FTP server to minimize the risk of exploitation. Avoid using the hard-coded encryption key for any sensitive data storage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.