Weak Encryption of FTP Usernames and Passwords in Total Commander 6.53

Weak Encryption of FTP Usernames and Passwords in Total Commander 6.53

CVE-2005-4066 · MEDIUM Severity

AV:L/AC:L/AU:N/C:C/I:N/A:N

Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.

Learn more about our Cis Benchmark Audit For Server Software.