| Vulnerability Name: | CVE-2004-1948 (CCN-15919) | ||||||||
| Assigned: | 2004-04-19 | ||||||||
| Published: | 2004-04-19 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Apr 19 2004 - 18:46:10 CDT NcFTP - password leaking Source: MITRE Type: CNA CVE-2004-1948 Source: BUGTRAQ Type: UNKNOWN 20040419 NcFTP - password leaking Source: CCN Type: SA11438 NcFTP Client Password Leakage Security Issue Source: SECUNIA Type: Exploit, Vendor Advisory 11438 Source: OSVDB Type: UNKNOWN 5595 Source: CCN Type: OSVDB ID: 5595 NcFTP Client Local Credentials Disclosure Source: BID Type: Vendor Advisory 10182 Source: CCN Type: BID-10182 NcFTP Local Information Disclosure Vulnerability Source: XF Type: UNKNOWN ncftp-info-disclosure(15919) Source: XF Type: UNKNOWN ncftp-info-disclosure(15919) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||