Sensitive Data Under FTP Root
Weakness ID: 220 (Weakness Variant)
Status: Draft
+ Description

Description Summary

The application stores sensitive data under the FTP document root with insufficient access control, which might make it accessible to untrusted parties.
+ Time of Introduction
  • Operation
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Potential Mitigations

Avoid storing information under the FTP root directory.

Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.

+ Background Details

Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot.
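
An audit sketch for the mitigations above and for the chroot password file noted under Background Details. This is an added example, not part of the CWE entry; the function name, pattern list and issue labels are assumptions, and POSIX permission bits are assumed.

```python
import fnmatch
import os
import stat

# Assumed name patterns for sensitive files (constructed list; adjust per site).
SENSITIVE_PATTERNS = ["passwd", "shadow", ".htpasswd", "*.key", "*.pem", "*.sql", "*.bak"]


def audit_ftp_root(ftp_root, patterns=SENSITIVE_PATTERNS):
    """Return sorted (relative_path, issue) findings for entries under ftp_root."""
    root = os.path.realpath(ftp_root)
    findings = []
    for dirpath, dirs, files in os.walk(root):  # os.walk does not follow symlinks
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                # A link can expose data stored outside the FTP directory.
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append((rel, "symlink-escapes-root"))
                continue
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(mode) and any(fnmatch.fnmatch(name, p) for p in patterns):
                readable = mode & stat.S_IROTH
                findings.append((rel, "sensitive-world-readable" if readable
                                 else "sensitive-under-root"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, issue in audit_ftp_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{issue:26} {rel}")
```

Mode bits are only a proxy: whether the FTP daemon actually serves a file also depends on the account it runs as and on its own access rules.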

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 216 | Containment Errors (Container Errors) | Development Concepts (primary) 699
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Sensitive Data Under FTP Root
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
updated Background Details, Relationships, Taxonomy Mappings