Skip to main content

Use of an insecure channel - FTP

Description

Customer information is transmitted over a channel that does not use encryption, so credentials and confidential information can be captured in plain text.

Impact

Capture user credentials after a MitM attack.

Recommendation

Deploy the application over an encrypted communication channel, such as SFTP.

Threat

Anonymous attacker from adjacent network.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: A
  • Attack complexity: H
  • Privileges required: N
  • User interaction: R
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code madurity: P
  • Remediation level: O
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X
  • Score:
    • Base: 3.7
    • Temporal: 3.4
  • Severity:
    • Base: Low
    • Temporal: Low

Code Examples

Compliant code

The application uses safe communication channels, like sftp

// Setup session options with a sftp channel
SessionOptions sessionOptions = new SessionOptions{
  Protocol = Protocol.Sftp,
  HostName = "example.com",
  UserName = "user",
  Password = "mypassword",
  SshHostKeyFingerprint = "ssh-rsa 2048 xxxxxxxxxxx...="
};

//Send files through the secure channel
using (Session session = new Session()){
  // Connect
  session.Open(sessionOptions);

  // Send files
  session.SendFiles(@"d:    oupload\*", "/home/user/").Check();
}

Non compliant code

The application uses unsafe communication channels like FTP to establish connections

public void SendFile(String strFilename){
  FtpWebRequest requestDir = (FtpWebRequest)FtpWebRequest.Create("ftp:url");
  requestDir.Credentials = new NetworkCredential("username", "password");

  //An FTP connection is stablished
  if(!m_bConnected){
    Console.WriteLine("Waiting for connection on DataConnection");
  }

  while(!m_bConnected) {
      Thread.Sleep(100);
  }

  //Read secure information through the channel
  byte[] btFileContent = File.ReadAllBytes(strFilename);
  int iContentLen = btFileContent.Length;
  sw.Write(btFileContent, 0, iContentLen);
  sw.Close();
}

Requirements

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.