PT-2023-24251 · Wftpd · Wftpd
Published: 2023-05-25 · Updated: 2025-01-16 · CVE-2023-33263
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WFTPD version 3.25
Description
The software stores usernames and password hashes in an openly viewable wftpd.ini configuration file within the WFTPD directory. This issue is noted in a product from 2006.
Recommendations
For WFTPD version 3.25, consider restricting access to the wftpd.ini configuration file to minimize the risk of exploitation. As a temporary workaround, limit read access to this file until a more secure storage method for usernames and password hashes is implemented.
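One way to apply the recommendation above on a Windows host, as an added example that is not part of the original advisory or the vendor's tooling: the script reports whether broad groups can read wftpd.ini and, only when run with -Harden, restricts the ACL. The install path and the choice of Administrators and SYSTEM as the only permitted principals are assumptions; adjust them to the account WFTPD actually runs as.

```powershell
param(
    # Assumed install location; set to the real WFTPD directory on the host.
    [string]$IniPath = 'C:\WFTPD\wftpd.ini',
    # Audit only unless -Harden is given.
    [switch]$Harden
)

# Well-known SIDs of broad groups that should not be able to read the file.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# FILE_READ_DATA bit: enough to read the stored usernames and password hashes.
$ReadData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the check does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and
            (([int]$r.FileSystemRights -band $ReadData) -ne 0)) {
            [pscustomobject]@{
                Principal = $BroadSids[$sid]
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
            }
        }
    }
}

$findings = @(Get-BroadReadAce -Path $IniPath)
if ($findings.Count -eq 0) { Write-Output "OK: no broad read access on $IniPath"; return }
$findings | Format-Table -AutoSize

if ($Harden) {
    # Drop inherited ACEs, then grant only Administrators and SYSTEM.
    # Assumption: WFTPD runs as one of these; otherwise add its account here.
    icacls $IniPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F'
    # Remove any explicit grants left for the broad groups.
    icacls $IniPath /remove:g '*S-1-1-0' '*S-1-5-11' '*S-1-5-32-545'
    if (@(Get-BroadReadAce -Path $IniPath).Count -ne 0) { Write-Warning 'Broad read access still present.' }
}
```

Run it from an elevated prompt and confirm the FTP service still starts afterwards, since a service account that loses read access to wftpd.ini cannot load its configuration.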
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Wftpd