Vulnerability Description
GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Steve Poulsen | Guildftpd | 0.9.7 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.htmlVendor Advisory
- http://www.securityfocus.com/bid/2792Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6611
- http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.htmlVendor Advisory
- http://www.securityfocus.com/bid/2792Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6611
FAQ
What is CVE-2001-0768?
CVE-2001-0768 is a vulnerability with a CVSS score of 4.6 (MEDIUM). GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.
How severe is CVE-2001-0768?
CVE-2001-0768 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0768?
Check the references section above for vendor advisories and patch information. Affected products include: Steve Poulsen Guildftpd.