PT-2022-3052 · Microsoft (+1) · Sql Express 2019 (+1)

Published: 2022-06-17 · Updated: 2022-06-29 · CVE-2022-34005

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Titan FTP Server NextGen versions prior to 1.2.1050

Description: The vulnerability stems from hardcoded credentials for the sa account in the Microsoft SQL Express 2019 instance that the Titan FTP Server NextGen installer sets up by default. A remote attacker can use these credentials to elevate their privileges; the vulnerability can be exploited for remote code execution.

Recommendations: For versions prior to 1.2.1050, update to version 1.2.1050 or later to resolve the issue. Note that the 1.2.1050 release corrects this vulnerability in new installations only, not in upgrade installations. As a temporary workaround, consider changing the hardcoded password for the sa account on the Microsoft SQL Express 2019 instance, and restrict access to that instance to minimize the risk of exploitation.
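A worked example of the temporary workaround described above, added here and not taken from the advisory or from the vendor: T-SQL that audits the sa login on the SQL Express 2019 instance, replaces the installer's password, and lists any sessions that authenticate as sa from another host. The instance name and the new password are placeholders. Whether Titan FTP Server NextGen itself connects as sa, and where its connection settings are stored, is not stated in the advisory, so check that before changing or disabling the login.

```sql
-- Added example for PT-2022-3052 / CVE-2022-34005; not code from the advisory or the vendor.
-- Run as a sysadmin (for example: sqlcmd -S .\<INSTANCE> -E) on the SQL Express 2019
-- instance created by the Titan FTP Server NextGen installer. <INSTANCE> and the
-- new password below are placeholders.

-- 1. Audit the sa login (its SID is 0x01 even if it was renamed): is it enabled, and
--    when was its password last set? A PasswordLastSetTime that matches the product's
--    install date indicates the hardcoded installer password is still in place.
SELECT name,
       is_disabled,
       is_policy_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Replace the hardcoded password with a strong, unique one and enforce the
--    Windows password policy on the login from now on.
ALTER LOGIN sa WITH PASSWORD = N'<NEW-STRONG-PASSWORD-PLACEHOLDER>', CHECK_POLICY = ON;

-- 3. If nothing legitimately needs sa (verify the application's connection settings
--    first), disable it so the account cannot be used at all. Left commented out
--    because the advisory does not say whether the product itself depends on sa.
-- ALTER LOGIN sa DISABLE;

-- 4. Detection: current sessions authenticated as sa over TCP from a host other than
--    the SQL Server machine. On a single-server Titan FTP install these should not exist.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.net_transport,
       s.login_time
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.login_name = N'sa'
  AND c.net_transport = N'TCP'
  AND s.host_name <> CAST(SERVERPROPERTY('MachineName') AS sysname);
```

The "restrict access" part of the workaround is done outside T-SQL: if the application only needs local access, leave the TCP/IP protocol for the instance disabled in SQL Server Configuration Manager (the SQL Express default) and do not open the instance's port on the Windows firewall. Re-run the audit query after patching, since an upgrade installation of 1.2.1050 does not reset the password.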

Status: Fix

Weakness Enumeration: Using Hardcoded Credentials
Related Identifiers

BDU:2022-03721
CVE-2022-34005

Affected Products

Sql Express 2019
Titan Ftp Server Nextgen