VULHUB ™

CuteFTP is a popular commercial FTP client for Microsoft Windows systems. CuteFTP v4.2(and possibly earlier versions) uses a weak system for encoding passwords for accounts on FTP sites. Passwords are stored in a file called 'sm.dat', and can be easily retrieved provided the site manager password has not been set. Successful exploitation of this vulnerability will allow a local attacker to gain unauthorized access to the FTP sites used by other local users.

CuteFTP is a popular commercial FTP client for Microsoft Windows systems. CuteFTP v4.2(and possibly earlier versions) uses a weak system for encoding passwords for accounts on FTP sites. Passwords are stored in a file called 'sm.dat', and can be easily retrieved provided the site manager password has not been set. Successful exploitation of this vulnerability will allow a local attacker to gain unauthorized access to the FTP sites used by other local users.