CVE-2005-4066
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
07/12/2005
Last modified:
03/04/2025
Description
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
Impact
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:christian_ghisler:total_commander:6.53:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securitytracker.com/id?1015311=
- http://www.networksecurity.fi/advisories/total-commander.html
- http://www.vupen.com/english/advisories/2005/2780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23497
- http://securitytracker.com/id?1015311=
- http://www.networksecurity.fi/advisories/total-commander.html
- http://www.vupen.com/english/advisories/2005/2780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23497