Description
The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot.
Modes of Introduction:
– Operation
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Potential Mitigations
Phase: Implementation, System Configuration
Description:
Avoid storing information under the FTP root directory.
Phase: System Configuration
Description:
Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.
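One way to check an FTP root against both mitigations, as an added example that is not part of the original entry: it walks the directory and reports sensitive-looking files stored under the root and any file that others can write. The name patterns in `SENSITIVE_PATTERNS`, the function names, and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from fnmatch import fnmatch

# Assumed name patterns for sensitive files; adjust for the site being audited.
SENSITIVE_PATTERNS = ("passwd", "shadow", "*.pem", "*.key", ".htpasswd", "*.sql", "*.bak")

def audit_ftp_root(ftp_root):
    """Return sorted (relative_path, reason) findings for files under ftp_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(ftp_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            rel = os.path.relpath(path, ftp_root)
            sensitive = any(fnmatch(name.lower(), p) for p in SENSITIVE_PATTERNS)
            if sensitive and st.st_mode & stat.S_IROTH:
                findings.append((rel, "sensitive file readable by others"))
            elif sensitive:
                findings.append((rel, "sensitive file stored under FTP root"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "file writable by others"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed FTP root in a temp directory for demonstration."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "pub"))
    samples = {
        "etc/passwd": 0o644,      # chroot password file, readable by others
        "etc/shadow": 0o600,      # restricted, but still under the root
        "pub/readme.txt": 0o644,  # ordinary public file, not flagged
        "pub/upload.tmp": 0o666,  # writable by others
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    return root

if __name__ == "__main__":
    for rel, reason in audit_ftp_root(build_sample_tree()):
        print(f"{rel}: {reason}")
```

A password file that the FTP server needs inside its chroot will still be reported; treat that finding as a prompt to confirm it holds no real credentials and is not readable through the FTP service.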