Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (File Transfer/Sharing)  >   Xynph FTP-Server Vendors:   Digital Sector
Xynph FTP Server Discloses Passwords to Local Users
SecurityTracker Alert ID:  1007467
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 11 2003
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 2.0
Description:   CyberTalon reported a password disclosure vulnerability in Xynph FTP Server. A local user can view user passwords.

It is reported that the server stores user passwords in clear text in the 'BKonten.xkd' file. A local user can view the passwords.

Impact:   A local user can view passwords for the FTP server users.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Xynph FTP Server 2 Local Password Vulnerability

             Xynph FTP Server 2 Local Password Vulnerability
                      Found by: CyberTalon

1. Intro
2. Problem
3. Solution
4. Ending
5. Info

1. I have found a local password vulnerability in Xynph FTP Server 2.

2. The server stores the usernames and passwords in BKonten.xkd, in clear

3. They need to use encryption when storing sensitive information.

4. This could allow an attacker to compromise the server if the attacker
could read the file BKonten.xkd.

5. Vendor URL:


The new MSN 8: smart spam protection and 2 months FREE*


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC