logo

Storage of File With Sensitive Data Under FTP Root

Draft Variant
Structure: Simple
Description

The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.

Common Consequences 1
Scope: Confidentiality

Impact: Read Application Data
Potential Mitigations 2
Phase: ImplementationSystem Configuration
Avoid storing information under the FTP root directory.
Phase: System Configuration
Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Operation
Architecture and Design
Related Weaknesses
ChildOf: Files or Directories Accessible to External Parties (CWE-552)
Taxonomy Mapping
  • PLOVER