Main Vulnerability Database SB2018052910

SB2018052910 - Insufficiently protected credentials in Cerberus FTP Server

Published: May 29, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018052910

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficiently protected credentials (CVE-ID: CVE-2018-11544)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.

Remediation

Install update from vendor's website.

References

https://pastebin.com/ygwczqpP