Plaintext Storage of Credentials in Lightspeed DeluxeFTP 6.01's sites.xml File Allows Privilege Escalation

Plaintext Storage of Credentials in Lightspeed DeluxeFTP 6.01's sites.xml File Allows Privilege Escalation

CVE-2005-1092 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.

Learn more about our User Device Pen Test.