CVE-2005-2898

Published: 14/09/2005 Updated: 11/04/2024
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, use a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

Vulnerable Product

filezilla filezilla 2.2.15

filezilla filezilla 2.2.14b

Exploits

source: www.securityfocus.com/bid/14730/info

FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry. This can allow the attacker to gain access to an FTP server with the p ...