Light Speed Technologies DeluxeFTP Local Authentication Credentials Disclosure Vulnerability

Bugtraq ID:	13105
Class:	Access Validation Error
CVE:	CVE-2005-1092
Remote:	No
Local:	Yes
Published:	Apr 12 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Lostmon is credited with the discovery of this issue.
Vulnerable:	Light Speed Technology DeluxeFTP 6.0 1
Not Vulnerable:

Light Speed Technologies DeluxeFTP Local Authentication Credentials Disclosure Vulnerability

A local authentication credentials disclosure vulnerability affects Light Speed Technologies DeluxeFTP. This issue is due to a failure of the application to properly secure authentication credentials by default.

An attacker may leverage this issue to gain access to authentication credentials for all FTP accounts stored in the offending file.

Light Speed Technologies DeluxeFTP Local Authentication Credentials Disclosure Vulnerability

No exploit is required to leverage this issue.

Light Speed Technologies DeluxeFTP Local Authentication Credentials Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Light Speed Technologies DeluxeFTP Local Authentication Credentials Disclosure Vulnerability

References:

• DeluxeFTP Home Page (Light Speed Technologies)