Headline
WFTPD 3.25 Credential Disclosure
WFTPD version 3.25 leaves credentials accessible in wftpd.ini.
Change Mirror Download
# Exploit Title: WFTPD 3.25 - Unprotected Credential Storage# Date: 04/01/2023# Exploit Author: golem445# Vendor Homepage: https://www.texis.com/# Tested on: Windows 10# CVE: CVE-2023-33263# #Description: Usernames and hashes are stored in an openly viewable wftpd.ini configuration file within the host WFTPD directoryRelated news
CVE-2023-33263: WFTPD 3.25 Credential Disclosure ≈ Packet Storm
In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.