Vulnerabilities > CVE-2005-2898 - Unspecified vulnerability in Filezilla 2.2.14B/2.2.15
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN filezilla
exploit available
Summary
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability. CVE-2005-2898. Dos exploit for windows platform |
| id | EDB-ID:26220 |
| last seen | 2016-02-03 |
| modified | 2005-09-02 |
| published | 2005-09-02 |
| reporter | [email protected] |
| source | https://www.exploit-db.com/download/26220/ |
| title | FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key Vulnerability |
References
- http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328
- http://filezilla.sourceforge.net/forum/viewtopic.php?t=1328
- http://marc.info/?l=bugtraq&m=112577523810442&w=2
- http://marc.info/?l=bugtraq&m=112577523810442&w=2
- http://marc.info/?l=bugtraq&m=112605448327521&w=2
- http://marc.info/?l=bugtraq&m=112605448327521&w=2
- http://www.securityfocus.com/bid/14730
- http://www.securityfocus.com/bid/14730
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22135