Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Network Security / FTP / FTP Clear Text Authentication
server monitoring

FTP Clear Text Authentication
Article ID: 34324
Last updated: 27 Jan, 2009
Print
Email to friend
Views: 913
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

FTP Clear Text Authentication
This script is Copyright (C) 2008 Tenable Network Security

FamilyFTP
Plugin ID34324
Bugtraq ID
CVE ID

Description:

Synopsis :

The remote FTP server allows credentials to be transmitted in clear
text.

Description :

The remote FTP does not encrypt its data and control connections. The
user name and password are transmitted in clear text and may be
intercepted by a network sniffer, or a man-in-the-middle attack.

Solution :

Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In
the latter case, configure the server such as data and control
connections must be encrypted.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
This article was:   Helpful | Not Helpful
Prev   Next
ArGoSoft FTP Server < 1.4.2.8 Multiple .LNK File Handling...     eScan Server Management Console (eserv.exe) FTP Server Arbitrary...

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events