Vulnerabilities > CVE-2005-1092 - Local Authentication Credentials Disclosure vulnerability in Light Speed Technologies DeluxeFTP

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

light-speed-technology

exploit available

NVD

Published: 2005-05-02

Updated: 2008-09-05

Summary

Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Light_Speed_Technology Light Speed Technology Deluxeftp 6.0.1 Light Speed Technology Deluxeftp 7.0.1_Beta	2

Exploit-Db

description	DeluxeFtp 6.x Local Password Disclosure Exploit. CVE-2005-1092. Local exploit for windows platform
id	EDB-ID:936
last seen	2016-01-31
modified	2005-04-13
published	2005-04-13
reporter	Kozan
source	https://www.exploit-db.com/download/936/
title	DeluxeFtp 6.x - Local Password Disclosure Exploit

Summary

Vulnerable Configurations

Exploit-Db

References