Tag Archives: Storage of File With Sensitive Data Under FTP Root

CWE-220 – Storage of File With Sensitive Data Under FTP Root

Read Time:30 Second

Description

The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot.

Modes of Introduction:

– Operation

 

 

Related Weaknesses

CWE-552

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

Phase: Implementation, System Configuration

Description: 

Avoid storing information under the FTP root directory.

Phase: System Configuration

Description: 

Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.

CVE References