Skip to main content

Use of an insecure channel - FTP


Customer information is transmitted over a channel that does not use encryption, so credentials and confidential information can be captured in plain text.


Capture user credentials after a MitM attack.


Deploy the application over an encrypted communication channel, such as SFTP.


Anonymous attacker from adjacent network.

Expected Remediation Time

⌚ 60 minutes.


Default score using CVSS 3.1. It may change depending on the context of the vulnerability.


  • Attack vector: A
  • Attack complexity: H
  • Privileges required: N
  • User interaction: R
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: N


  • Exploit code madurity: P
  • Remediation level: O
  • Report confidence: X


  • Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X
  • Score:
    • Base: 3.7
    • Temporal: 3.4
  • Severity:
    • Base: Low
    • Temporal: Low

Code Examples

Compliant code

The application uses safe communication channels, like sftp

// Setup session options with a sftp channel
SessionOptions sessionOptions = new SessionOptions{
Protocol = Protocol.Sftp,
HostName = "",
UserName = "user",
Password = "mypassword",
SshHostKeyFingerprint = "ssh-rsa 2048 xxxxxxxxxxx...="

//Send files through the secure channel
using (Session session = new Session()){
// Connect

// Send files
session.SendFiles(@"d: oupload\*", "/home/user/").Check();

Non compliant code

The application uses unsafe communication channels like FTP to establish connections

public void SendFile(String strFilename){
FtpWebRequest requestDir = (FtpWebRequest)FtpWebRequest.Create("ftp:url");
requestDir.Credentials = new NetworkCredential("username", "password");

//An FTP connection is stablished
Console.WriteLine("Waiting for connection on DataConnection");

while(!m_bConnected) {

//Read secure information through the channel
byte[] btFileContent = File.ReadAllBytes(strFilename);
int iContentLen = btFileContent.Length;
sw.Write(btFileContent, 0, iContentLen);


free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.