J-Security Center

Title: ArGoSoft FTP Server Weak Password Encryption Vulnerability

Severity: HIGH

Description:

ArGoSoft FTP server is an FTP server for the Windows platform.

A design error in ArGoSoft FTP Server enables an authenticated user to view other users' encrypted passwords. Because the encryption scheme is weak, a user can then decrypt those passwords using a third-party utility.

The attacker could locate the password file using a previously discovered directory traversal issue (BID 2961).

Compromise of the user accounts could result in disclosure of sensitive information and interference with the normal operation of the affected FTP site.

Compromise of an administrator account may allow an attacker to obtain an elevation of privileges and potentially issue arbitrary commands.

Affected Products:

  • ArGoSoft FTP Server 1.2.2.2
