MidnightBSD

Advisories for coffeecup_software

CVE-2001-0103 MEDIUM

CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
coffeecup_software coffeecup_free_ftp 1.0
coffeecup_software coffeecup_direct_ftp 1.0
CVE-2003-1394 MEDIUM

CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
coffeecup_software coffeecup_password_wizard *