← volver
CVE-2020-6857

CVE-2020-6857

EPSS 1.0%
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://hyp3rlinx.altervista.orghttp://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.htmlhttp://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.htmlhttp://seclists.org/fulldisclosure/2020/Jan/29http://seclists.org/fulldisclosure/2020/Jan/35https://seclists.org/bugtraq/2020/Jan/30