Vulnerability Description
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Christian Ghisler | Total Commander | 6.53 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1015311Vendor Advisory
- http://www.networksecurity.fi/advisories/total-commander.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2005/2780Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23497
- http://securitytracker.com/id?1015311Vendor Advisory
- http://www.networksecurity.fi/advisories/total-commander.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2005/2780Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23497
FAQ
What is CVE-2005-4066?
CVE-2005-4066 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrate...
How severe is CVE-2005-4066?
CVE-2005-4066 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4066?
Check the references section above for vendor advisories and patch information. Affected products include: Christian Ghisler Total Commander.