Description
The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Potential Impact
Confidentiality
Read Application Data
Mitigations & Prevention
Avoid storing information under the FTP root directory.
Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Sensitive Data Under FTP Root
Frequently Asked Questions
What is CWE-220?
CWE-220 (Storage of File With Sensitive Data Under FTP Root) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
How can CWE-220 be exploited?
Attackers can exploit CWE-220 (Storage of File With Sensitive Data Under FTP Root) to read application data. This weakness is typically introduced during the Operation, Architecture and Design phase of software development.
How do I prevent CWE-220?
Key mitigations include: Avoid storing information under the FTP root directory.
What is the severity of CWE-220?
CWE-220 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.