CVE-2020-6857

Medium

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords…

mitre·CWE-327·Published 2020-01-21

CVSS

5.5

EPSS

0.01

KEV

Exploits

cve.orgen

167 chars

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.

NVDen

167 chars

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.

CarbonFTP versión v1.4, utiliza un cifrado de contraseña propietario no seguro con una clave de cifrado débil embebida. La clave para las contraseñas del servidor FTP local está embebida en el binario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N