Bypassing Master-Password Feature in ES File Explorer Allows Remote FTP Access

Bypassing Master-Password Feature in ES File Explorer Allows Remote FTP Access

CVE-2019-11380 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage.

Learn more about our Cis Benchmark Audit For Google Android.