Total Commander WCX_FTP.INI weak account information encryption
| totalcommander-ftp-weak-encryption (23497) |  Low Risk |
Description:
Total Commander uses a weak encryption algorithm to store FTP usernames and passwords in the WCX_FTP.INI file. A local attacker could exploit this vulnerability to decrypt the recovered passwords and gain unauthorized access to remote FTP servers.
Note: It has been reported that this vulnerability is actively being exploited by the W32.Gudeb worm.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- Networksecurity.fi Security Advisory (05-12-2005): Total Commander WCX_FTP.INI weak FTP account information encryption vulnerability.
- Symantec Security Response: W32.Gudeb.
- Total Commander Web page: Total Commander.
- CVE-2005-4066: Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
- SECTRACK ID: 1015311: Total Commander Weak Encryption Algorithm Lets Local Users Obtain FTP Passwords
- VUPEN/ADV-2005-2780: Total Commander WCX_FTP.INI Information Disclosure Vulnerability
Platforms Affected:
- Christian Ghisler Total Commander 6.53 and prior
Reported:
Dec 07, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net