EnterpriseDT CompleteFTP Server prior to version 12.1. Inclusion of Sensitive Information in Log Files Vulnerability

Summary

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. 

Credit:

The information has been provided by Vendor

The original article can be found at: https://enterprisedt.com/products/completeftp/doc/guide/html/history.html

 


Details

This allows an attacker to obtain the administrator password hash.

Vulnerable Systems:

EnterpriseDT CompleteFTP Server prior to version 12.1.3 

CVE Information:

CVE-2019-16116

Disclosure Timeline:

Published Date:10/02/2019