Details of VAR-199907-0009

ID

VAR-199907-0009

CVE

CVE-1999-1078

TITLE

WS_FTP Configuration file ws_ftp.ini File password weak encryption vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199907-033

DESCRIPTION

WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. WS_FTP, both Pro and LE versions,. allows passwords to be saved as part of a saved site configuration. These passwords are encrypted and stored in .ini files. The encryption method is weak and can be broken. WS_FTP is a widely used FTP client software maintained by Ipswitch distribution. Certain versions of WS_FTP have a problem that will leak FTP user passwords

Trust: 1.26

sources: NVD: CVE-1999-1078 // BID: 547 // VULHUB: VHN-1059

AFFECTED PRODUCTS

vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	6.0	Trust: 1.9
vendor:	ipswitch	model:	ws ftp le	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ipswitch	model:	ws ftp le	scope:	eq	version:	4.5	Trust: 0.3

sources: BID: 547 // CNNVD: CNNVD-199907-033 // NVD: CVE-1999-1078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-1078
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-199907-033
value:	HIGH
Trust: 0.6
VULHUB:	VHN-1059
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-1999-1078
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-1059
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-1059 // CNNVD: CNNVD-199907-033 // NVD: CVE-1999-1078

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199907-033

TYPE

Design Error

Trust: 0.9

sources: BID: 547 // CNNVD: CNNVD-199907-033

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1059

EXTERNAL IDS

db:	NVD	id:	CVE-1999-1078	Trust: 2.0
db:	BID	id:	547	Trust: 2.0
db:	CNNVD	id:	CNNVD-199907-033	Trust: 0.7
db:	NSFOCUS	id:	3435	Trust: 0.6
db:	NTBUGTRAQ	id:	19990729 WS_FTP PRO 6.0 WEAK PASSWORD ENCRYPTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-1059	Trust: 0.1

sources: VULHUB: VHN-1059 // BID: 547 // CNNVD: CNNVD-199907-033 // NVD: CVE-1999-1078

REFERENCES

url:	http://www.securityfocus.com/bid/547	Trust: 1.7
url:	http://www.ntbugtraq.com/default.asp?pid=36&sid=1&a2=ind9907&l=ntbugtraq&d=0&p=10370&f=p	Trust: 1.6
url:	http://www.nsfocus.net/vulndb/3435	Trust: 0.6
url:	http://www.hispasec.com/unaaldia.asp?id=274	Trust: 0.3
url:	http://www.ntbugtraq.com/default.asp?pid=36&sid=1&a2=ind9907&l=ntbugtraq&d=0&p=10370&f=p	Trust: 0.1

sources: VULHUB: VHN-1059 // BID: 547 // CNNVD: CNNVD-199907-033 // NVD: CVE-1999-1078

CREDITS

Bernardo Quintero※ bernardo@hispasec.com

Trust: 0.6

sources: CNNVD: CNNVD-199907-033

SOURCES

db:	VULHUB	id:	VHN-1059
db:	BID	id:	547
db:	CNNVD	id:	CNNVD-199907-033
db:	NVD	id:	CVE-1999-1078

LAST UPDATE DATE

2024-08-14T15:41:04.493000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-1059	date:	2008-09-05T00:00:00
db:	BID	id:	547	date:	2009-07-11T00:56:00
db:	CNNVD	id:	CNNVD-199907-033	date:	2006-09-22T00:00:00
db:	NVD	id:	CVE-1999-1078	date:	2008-09-05T20:18:40.227

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-1059	date:	1999-07-29T00:00:00
db:	BID	id:	547	date:	1999-07-29T00:00:00
db:	CNNVD	id:	CNNVD-199907-033	date:	1999-07-29T00:00:00
db:	NVD	id:	CVE-1999-1078	date:	1999-07-29T04:00:00