CVE
- Id
- 3915
- CVE No.
- CVE-2001-1111
- Status
- Candidate
- Description
- EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
- Phase
- Proposed (20020315)
- Votes
- ACCEPT(3) Baker, Frech, Green | NOOP(5) Armstrong, Cole, Foat, Wall, Ziese
- Comments
- Baker> It looks like this issue was modified in the changelog, but the basic issue | still exists. They moved all data files into the ini file. Still a | plain text file, however. It would have been better in a registry setting | so it was harder to get to... | | 2.0.8.345 2001.12.04 | Fixed a problem where the server would give a GPF whn disconnecting a single user | Added Ratios Feature | Added Statistics Feature | Modified User/Group Administration - now much more stable | Modified Startup Logo | Modifed all data files to .ini files for easy editing and to save space | Added Feature to save/load queues | Added auto reconnect feature on timeout | Fully Implemented RSA Control Port encryption, so now even commands like USER, PASS, GET, REST etc are encrypted. Total security on both data and commands. | Added Idle Timout for the Server component | Fixed some security flaws with directory listings
