Description

A file containing SFTP/FTP connection credentials was found on this web server.

Some SFTP/FTP clients store SFTP/FTP connection details such as hostname, username, password in text files. For example Sublime SFTP is creating a file named sftp-config.json, FileZilla is storing the information in a file named recentservers.xml.

Remediation

Remove this file from the web server.

References

SFTP/FTP Password Exposure via sftp-config.json

Related Vulnerabilities

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.11)

Drupal Backup Migrate directory publicly accessible

WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure