What is the severity of CVE-2005-2898?

CVE-2005-2898 is considered to be of medium severity due to its potential to expose sensitive user passwords.

How do I fix CVE-2005-2898?

To fix CVE-2005-2898, you should upgrade to a later version of FileZilla where the weak encryption vulnerability is addressed.

Which versions of FileZilla are affected by CVE-2005-2898?

CVE-2005-2898 affects FileZilla versions 2.2.14b and 2.2.15, and possibly earlier versions.

Can local users exploit CVE-2005-2898?

Yes, local users can exploit CVE-2005-2898 to obtain sensitive passwords stored in the configuration file when secure mode is disabled.

Is CVE-2005-2898 still a concern for current users of FileZilla?

CVE-2005-2898 is only a concern for users still using the vulnerable versions of FileZilla 2.2.14b and 2.2.15.

Vulnerability/
CVE-2005-2898

medium

4.6

CWE

NVD-CWE-Other 326

14/9/2005

7/8/2024

CVE-2005-2898: Weak Encryption

First published: Wed Sep 14 2005(Updated: )

** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla VPN	=2.2.14b
Mozilla VPN	=2.2.15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2898?
CVE-2005-2898 is considered to be of medium severity due to its potential to expose sensitive user passwords.
How do I fix CVE-2005-2898?
To fix CVE-2005-2898, you should upgrade to a later version of FileZilla where the weak encryption vulnerability is addressed.
Which versions of FileZilla are affected by CVE-2005-2898?
CVE-2005-2898 affects FileZilla versions 2.2.14b and 2.2.15, and possibly earlier versions.
Can local users exploit CVE-2005-2898?
Yes, local users can exploit CVE-2005-2898 to obtain sensitive passwords stored in the configuration file when secure mode is disabled.
Is CVE-2005-2898 still a concern for current users of FileZilla?
CVE-2005-2898 is only a concern for users still using the vulnerable versions of FileZilla 2.2.14b and 2.2.15.

agent/type
agent/weakness
agent/references
agent/severity
agent/status
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/last-modified-date
agent/source
agent/author
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-historical
vendor/filezilla
product/filezilla
canonical/filezilla filezilla
status/disputed
canonical/mozilla vpn
version/mozilla vpn/2.2.14b
version/mozilla vpn/2.2.15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.