CWE-220: Storage of File With Sensitive Data Under FTP Root
The product stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.
Overview
CWE-220 (Storage of File With Sensitive Data Under FTP Root) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Background
Various Unix FTP servers require a password file to be present under the FTP root because they chroot into that directory; whatever is placed there is then within reach of FTP clients.
Common consequences
What can happen when CWE-220 is exploited.
Read Application Data
Affects: Confidentiality
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-220, grouped by where in the lifecycle they apply.
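As an added illustration of the detection side of this weakness (example code written for this page, not taken from MITRE or from any FTP server), the script below walks an FTP root and reports regular files whose names suggest sensitive content (password files, keys, database dumps), noting whether each is readable by "other", which is what an anonymous or chroot'd FTP user typically runs as. It can then strip the group/other read bits as a stop-gap until the file is moved out of the root. The filename patterns and the sample directory tree are constructed assumptions for the demo.

```python
from __future__ import annotations

import fnmatch
import os
import stat
import tempfile
from dataclasses import dataclass

# Assumed name patterns for data that should not live under an FTP root.
# Constructed for this example; tune for your own deployment.
SENSITIVE_PATTERNS = (
    "passwd", "*.passwd", "shadow", ".htpasswd",
    "*.key", "*.pem", "*.sql", "*.bak",
)


@dataclass(frozen=True)
class Finding:
    path: str            # path relative to the FTP root
    mode: str            # symbolic permissions, e.g. -rw-r--r--
    world_readable: bool # True if the "other" read bit is set


def is_sensitive_name(name: str, patterns=SENSITIVE_PATTERNS) -> bool:
    return any(fnmatch.fnmatch(name, pat) for pat in patterns)


def scan_ftp_root(root: str, patterns=SENSITIVE_PATTERNS) -> list[Finding]:
    """Return one Finding per regular file under root whose name matches a pattern."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, device nodes
            if is_sensitive_name(name, patterns):
                findings.append(Finding(
                    path=os.path.relpath(full, root),
                    mode=stat.filemode(st.st_mode),
                    world_readable=bool(st.st_mode & stat.S_IROTH),
                ))
    return sorted(findings, key=lambda f: f.path)


def strip_shared_read(root: str, findings: list[Finding]) -> int:
    """Remove group/other read bits from flagged files; returns number of files changed.

    This only narrows exposure; the real fix is to keep such data out of the root.
    """
    changed = 0
    for f in findings:
        full = os.path.join(root, f.path)
        mode = stat.S_IMODE(os.lstat(full).st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            os.chmod(full, mode & ~(stat.S_IRGRP | stat.S_IROTH))
            changed += 1
    return changed


def build_demo_root() -> str:
    """Create a constructed sample FTP root in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="ftproot-")
    layout = {
        # (relative path, mode, content): passwd file left over from chroot setup
        "etc/passwd": (0o644, "ftp:x:14:50::/var/ftp:/sbin/nologin\n"),
        "pub/readme.txt": (0o644, "public download area\n"),
        "pub/backup.sql": (0o640, "-- constructed dump, not real data\n"),
    }
    for rel, (mode, content) in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    demo = build_demo_root()
    for f in scan_ftp_root(demo):
        print(f"{f.mode}  {f.path}  world_readable={f.world_readable}")
    print("hardened:", strip_shared_read(demo, scan_ftp_root(demo)))
```

Run it against a real FTP root with `scan_ftp_root("/var/ftp")`; treat every finding as a file to relocate or replace with a stub, and use `strip_shared_read` only to buy time.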