← voltar
CVE-2020-6857

CVE-2020-6857

EPSS 1.0%
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://hyp3rlinx.altervista.orghttp://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.htmlhttp://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.htmlhttp://seclists.org/fulldisclosure/2020/Jan/29http://seclists.org/fulldisclosure/2020/Jan/35https://seclists.org/bugtraq/2020/Jan/30