Insecure Storage of Configuration Data in PSFTPd Server

Insecure Storage of Configuration Data in PSFTPd Server

CVE-2017-15272 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

Learn more about our Cis Benchmark Audit For Server Software.