Hummingbird FTP weak encryption
| hummingbird-ftp-weak-encryption (21811) |  Medium Risk |
Description:
Hummingbird FTP could allow a local attacker to obtain user passwords. The FTP passwords are encrypted with a weak encryption algorithm. A local attacker could decrypt user passwords.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- Hummingbird Connectivity Web site: Connectivity Software.
- BID-14559: Hummingbird FTP Weak Password Encryption Weakness
- CVE-2005-2599: Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.
- SA16430: Hummingbird FTP User Password Encryption Weakness
Platforms Affected:
- Hummingbird Connectivity 10.0
Reported:
Aug 15, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net