Home Tools Exploits & CVE's WFTPD 3.25 Credential Disclosure

WFTPD 3.25 Credential Disclosure

May 29, 2023

270

Authored by golem445

WFTPD version 3.25 leaves credentials accessible in wftpd.ini.

# Exploit Title: WFTPD 3.25 - Unprotected Credential Storage
# Date: 04/01/2023
# Exploit Author: golem445
# Vendor Homepage: https://www.texis.com/
# Tested on: Windows 10
# CVE: CVE-2023-33263# 

#Description: 

Usernames and hashes are stored in an openly viewable wftpd.ini configuration file within the host WFTPD directory

WFTPD 3.25 Credential Disclosure

Follow us on Instagram @thecyberpost

EDITOR PICKS

Over 500 people targeted by Pegasus spyware in Poland, officials say

MGM sues to block FTC investigation of its data security

Ransomware attack has cost UnitedHealth $872 million; total expected to surpass...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Aviatrix Controller 6.x Path Traversal / Code Execution

Apache HTTP Server 2.4.49 Path Traversal

IOTransfer 4 Unquoted Service Path