Win FTP Server纯文本密码存储漏洞

WinFTP Server 1.6版本将用户名和密码证书存储在data＼user.wfd文件的纯文本中。本地用户利用该漏洞获取对证书的访问权限。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: win-ftp-password-plaintext(18247)
链接:http://xforce.iss.net/xforce/xfdb/18247

来源: BID
名称: 11749
链接:http://www.securityfocus.com/bid/11749

来源: OSVDB
名称: 12122
链接:http://www.osvdb.org/12122

来源: SECTRACK
名称: 1012321
链接:http://securitytracker.com/id?1012321

来源: SECUNIA
名称: 13304
链接:http://secunia.com/advisories/13304