CVE-2020-6857

Опубликовано: 21 янв. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.

Ссылки

http://hyp3rlinx.altervista.org
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/29
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/35
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/30
Exploit
Mailing List
Third Party Advisory
http://hyp3rlinx.altervista.org
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157321/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/29
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/35
Exploit
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/30
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taskautomation:carbonftp:1.4:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00126

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-rvwp-x3pv-c87j