Info

Disclosure

Apr 11, 2005

Discovery

Apr 09, 2005

Dates

Exploit

Apr 11, 2005

Solution

Unknown

Description

DeluxeFTP contains a flaw that may lead to an unauthorized information. It is possible to gain access to the plain text username and password of the FTP sites configured when the program writes its configuration to the sites.xml file, which may lead to a loss of confidentiality

Classification

Location: Local Access Required
Attack Type: Authentication Management, Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Light Speed Technologies Incorporated	DeluxeFTP	6.0.1
		7.0.1 beta

References

Bugtraq ID: 13105
Secunia Advisory ID: 14923
Related OSVDB ID: 15421
CVE ID: 2005-1092 (see also: NVD)
Milw0rm: 936
Exploit Database: 936
Other Advisory URL: http://lostmon.blogspot.com/2005/04/deluxeftp-plain-text-passwords.html
http://www.deluxeftp.com/forum/viewtopic.php?t=27
Vendor URL: http://www.deluxeftp.com/

Credit

Lostmon Lords - Lostmongmail.com -

Direct URL: http://osvdb.org/15421

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Light Speed Technologies Incorporated

DeluxeFTP

References

Credit