Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-1948 | First vendor Publication | 2004-04-20 |
| Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1948 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 5595 | NcFTP Client Local Credentials Disclosure NcFTP Client contains a flaw that may allow a malicious user to see other users' passwords using "ps". The issue is triggered anytime the NcFTP client is used with a FTP URL. It is possible that the flaw may allow passwords to be exposed resulting in a loss of confidentiality. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:02:34 |
|
| 2021-04-22 01:02:46 |
|
| 2020-05-23 00:16:06 |
|
| 2017-07-11 12:01:41 |
|
| 2016-10-18 12:01:29 |
|
| 2016-06-28 15:08:31 |
|
| 2016-04-26 13:04:26 |
|
| 2013-05-11 11:47:10 |
|
