[30181] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Plaintext Password in Settings.ini of CesarFTP

daemon@ATHENA.MIT.EDU (Andreas Constantinides)
Tue May 20 11:59:19 2003

Message-ID: <002401c31ea1$17e70590$42c8a8c0@odysseyconsultants.com>
From: "Andreas Constantinides" <megahz@megahz.org>
To: <bugtraq@securityfocus.com>
Date: Tue, 20 May 2003 10:25:56 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Cesar FTP v0.99g (latest version)
an FTP Server by http://www.aclogic.com/
it saves the ftp password in file: 
c:\Program Files\CesarFTP\settings.ini
in plaintext:

....
Password= "lalala"
Login= "megahz"
Name= "megahz"
....


Discovered by MegaHz
www.megahz.org
megahz@megahz.org
www.cyhackportal.com

home	help	back	first	fref	pref	prev	next	nref	lref	last	post