Title: FTPPro Information Disclosure Vulnerability
Severity: MODERATE
Description:
FTPPro is a shareware FTP package written by 1st Choice Software for Microsoft Windows platforms. The FTPPro software package creates a key in the registry of any machine on which it is installed. This key, located at \HKEY_LOCAL_MACHINE\SOFTWARE\FTPPro98c, stores sensitive user information in an unencrypted state. The permissions on the key grant any user in the group "Everybody" the Query Value, Set Value, Create Subkey, Enumerate Subkey, Notify, Delete, and Read Control rights. The key permissions additionally grant Full Control to Administrator, Owner, and System.
Within this key, sensitive information such as the owner's credit card number, credit card expiration date, card type, name, registration address, and telephone number is stored. The "Offline Registration" option of this software package will additionally create a clear-text document titled "Register.txt" in the working directory of the program, also containing this information. As a consequence, it is possible for an attacker to retrieve sensitive personal information about the owner of the package.
Affected Products:
- 1st Choice Software FTPPro 7.5.0
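
An administrator can audit a host for the two exposures described above with the following PowerShell script. It is an added example, not part of the original advisory or the vendor's software. Assumptions: the advisory's "Everybody" is the built-in Everyone group (SID S-1-1-0), the WOW6432Node path covers 32-bit registry redirection on 64-bit Windows, and `-InstallDir` is a hypothetical parameter for the program's working directory, which the advisory does not give.

```powershell
param(
    # Hypothetical parameter: FTPPro's working directory (not given in the advisory).
    [string]$InstallDir
)

# Key path from the advisory. The WOW6432Node variant is an assumption that covers
# registry redirection of 32-bit software on 64-bit Windows.
$keyPaths = 'HKLM:\SOFTWARE\FTPPro98c', 'HKLM:\SOFTWARE\WOW6432Node\FTPPro98c'

# Assumption: the advisory's "Everybody" is the built-in Everyone group (SID S-1-1-0).
$everyoneSid = 'S-1-1-0'

# The rights the advisory lists for that group, as .NET RegistryRights flags.
$listed = [System.Security.AccessControl.RegistryRights]'QueryValues, SetValue, CreateSubKey, EnumerateSubKeys, Notify, Delete, ReadPermissions'

function Get-FtpProKeyExposure {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # Resolve ACL entries to SIDs so the match does not depend on the OS language.
        $rules = (Get-Acl -LiteralPath $p).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            $granted = [int]$r.RegistryRights -band [int]$listed
            if ($r.IdentityReference.Value -eq $everyoneSid -and
                $r.AccessControlType -eq 'Allow' -and $granted -ne 0) {
                [pscustomobject]@{
                    Location  = $p
                    Finding   = 'Everyone is granted: ' +
                                [System.Security.AccessControl.RegistryRights]$granted
                    Inherited = $r.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-FtpProKeyExposure -Path $keyPaths)

# The advisory's second exposure: the clear-text offline registration file.
if ($InstallDir) {
    $file = Join-Path $InstallDir 'Register.txt'
    if (Test-Path -LiteralPath $file) {
        $findings += [pscustomobject]@{
            Location = $file; Finding = 'Clear-text Register.txt present'; Inherited = $false
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Any row in the output marks a host where the registration data is readable or modifiable by unprivileged users; restricting the key's ACL and deleting Register.txt closes both exposures.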