CVE-2004-1948

NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.

Published: Apr 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1948
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ncftp_software / ncftp	3.0.2	3.0.2.x
ncftp_software / ncftp	3.1.3	3.1.3.x
ncftp_software / ncftp	3.1.4	3.1.4.x
ncftp_software / ncftp	3.0.0	3.0.0.x
ncftp_software / ncftp	3.1.0	3.1.0.x
ncftp_software / ncftp	3.0.3	3.0.3.x
ncftp_software / ncftp	3.1.6	3.1.6.x
ncftp_software / ncftp	3.1.5	3.1.5.x
ncftp_software / ncftp	3.1.7	3.1.7.x
ncftp_software / ncftp	3.1.1	3.1.1.x
ncftp_software / ncftp	3.0.1	3.0.1.x
ncftp_software / ncftp	3.1.2	3.1.2.x
ncftp_software / ncftp	3.0.4	3.0.4.x

http://marc.info/?l=bugtraq&m=108247943201685&w=2
http://secunia.com/advisories/11438
http://www.osvdb.org/5595
http://www.securityfocus.com/bid/10182
https://exchange.xforce.ibmcloud.com/vulnerabilities/15919

Vulnerability Database

289,697

CVE-2004-1948