Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2005-2898
Last Modified: 05 Sep 2008 04:52:57
Published: 14 Sep 2005 04:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2005-2898

Summary

** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, use a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

Vulnerable Systems

Application

  • FileZilla 2.2.14b

  • FileZilla 2.2.15


References

XF - filezilla-password-weak-encryption(22135)

BID - 14730

BUGTRAQ - 20050904 Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC

BUGTRAQ - 20050902 FileZilla weakly-encrypted password vulnerability: advisory + PoC

MISC - http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328


Last Updated: 27 May 2016 10:40:40