Vulnerability Description
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Winftp Server | Winftp Server | 1.6 |
References
- http://secunia.com/advisories/13304Vendor Advisory
- http://securitytracker.com/id?1012321Vendor Advisory
- http://www.osvdb.org/12122
- http://www.securityfocus.com/bid/11749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18247
- http://secunia.com/advisories/13304Vendor Advisory
- http://securitytracker.com/id?1012321Vendor Advisory
- http://www.osvdb.org/12122
- http://www.securityfocus.com/bid/11749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18247
FAQ
What is CVE-2004-2400?
CVE-2004-2400 is a vulnerability with a CVSS score of 2.1 (LOW). WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.
How severe is CVE-2004-2400?
CVE-2004-2400 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2400?
Check the references section above for vendor advisories and patch information. Affected products include: Winftp Server Winftp Server.