Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (File Transfer/Sharing)  >   RobotFTP Vendors:
RobotFTP Server Discloses Usernames and Passwords to Local Users
SecurityTracker Alert ID:  1007349
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 31 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 1.0
Description:   CyberTalon reported an authentication information disclosure vulnerability in the RobotFTP Server. A local user can view usernames and passwords.

It is reported that the software stores passwords in plain text in the 'C:/Program Files/RobotFTPServer/' file. Once the RobotFTP Server has been shut down once (causing it to save the passwords), a local user can view the passwords.

Impact:   A local user can view passwords.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  RobotFTP Server Local Password Vulnerability

          RobotFTP Server 1.0 Local Password Vulnerablity
                       Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending

1. RobotFTP Server has a local password vulnerability.

2. RobotFTP Server stores the login usernames and passwords in C:/Program
Files/RobotFTPServer/ . RobotFTP has to be closed once for it to
save the information/file, then it will be accessible from there on.

3. They need to use encryption when storing information on that sort.

4. This could allow an attacker to compromise the server if they could get
to it, and read it out of the locally.

Vendor url:


Add photos to your e-mail with MSN 8. Get 2 months FREE*.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC