CVE

Id
3946  
CVE No.
CVE-2001-1142  
Status
Candidate  
Description
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.  
Phase
Proposed (20020315)  
Votes
ACCEPT(2) Baker, Frech | NOOP(7) Armstrong, Christey, Cole, Foat, Green, Wall, Ziese  
Comments
Christey> In an e-mail response, the vendor stated that they were | not a crypto expert and were using their own home-grown | crypto. | CHANGE> [Baker changed vote from REVIEWING to ACCEPT] | Baker> I received an email from Artchil Gogava, of Argosoft, author | of the program in question. I think this is sufficient verification | that the problem is probably as identified. He states he is not an | encryption expert, and that he invented his own encryption mechanism | for this. Need I say more? | | >>>EMAIL<<< | ///// | Subject: Re: Encryption in ArgoSoft FTP Server | Date: Thu, 9 May 2002 15:14:29 -0400 | From: "Artchil Gogava" <archie@argosoft.com> | To: "David Baker" <bakerd@mitre.org> | References: 1 | | Hello David, | | lnk problem, described in the document, has been fixed ages ago, and it does | not present in 1.2.2.2. As of password encryption. I am not an encryption | expert. I am using a method invented by myself, and I am sure that whatever | I do, someone, who has spare time to play around with it, will find the | method to decrypt it. | | Archie  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
18182 3946 CVE-2001-1142 BUGTRAQ:20010712 ArGoSoft FTP Server 1.2.2.2 Weak password encryption  View
18183 3946 CVE-2001-1142 URL:http://www.securityfocus.com/archive/1/196968  View
18184 3946 CVE-2001-1142 BID:3029  View
18185 3946 CVE-2001-1142 URL:http://www.securityfocus.com/bid/3029  View
18186 3946 CVE-2001-1142 XF:argosoft-ftp-weak-encryption(6848)  View

Related JVN