QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15272

Published: Nov 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html

x_refsource_MISC

20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server

mailing-list

x_refsource_BUGTRAQ

https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.