Details of VAR-E-200105-0080

ID

VAR-E-200105-0080

TITLE

Rumpus FTP Server Plaintext Password Vulnerability

Trust: 0.3

sources: BID: 2718

DESCRIPTION

Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections.
Passwords are stored in plaintext format in the prefs folder.
If access to the prefs folder is not restricted then a remote user may view the plaintext password file and access any user account on the server.

Trust: 0.3

sources: BID: 2718

AFFECTED PRODUCTS

vendor:	maxum	model:	rumpus ftp server dev	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.4	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.2	Trust: 0.3

sources: BID: 2718

EXPLOIT

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

Trust: 0.3

sources: BID: 2718

PRICE

Free

Trust: 0.3

sources: BID: 2718

TYPE

Design Error

Trust: 0.3

sources: BID: 2718

CREDITS

Jass Seljamaa <jass@email.isp.ee> posted this vulnerability to BugTraq on May 15th, 2001.

Trust: 0.3

sources: BID: 2718

EXTERNAL IDS

db:

BID

id:

2718

Trust: 0.3

sources: BID: 2718

REFERENCES

url:

http://www.maxum.com/rumpus/

Trust: 0.3

sources: BID: 2718

SOURCES

db:

BID

id:

2718

LAST UPDATE DATE

2022-07-27T09:41:59.408000+00:00

SOURCES UPDATE DATE

db:

BID

id:

2718

date:

2001-05-15T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

2718

date:

2001-05-15T00:00:00