NVT 14597 WS_FTP false positive

Vulnerability Tests
1

Plugin pre2008/ws_ftp_client_weak_stored_pass.nasl, OID 1.3.6.1.4.1.25623.1.0.14597, is flagging Progress WS_FTP Professional 12.8.7 as vulnerable because its version is less than 2007.0.0.2. Yet it says the fixed version is 12.6, which is less than 12.8.7, which is the latest version available in the 12.x sequence.

The plugin contains this code:

if(version_is_less_equal(version:ftpVer, test_version:“2007.0.0.2”)){
report = report_fixed_ver(installed_version:ftpVer, fixed_version:“12.6”, install_path:loc);
security_message(port:0, data:report);
exit(0);
}

The plugin reports this:

Synopsis:
The remote host has a version of the WS_FTP client which use a weak encryption method to store site password.

Solution:
Upgrade to the newest version of the WS_FTP client.

Details:
Installed version: 12.8.7
Fixed version: 12.6
Installation path / port: C:\Program Files (x86)\Ipswitch\WS_FTP 12

WS_FTP Professional has what appear to be two separate version number sequences: 12.x, and 200x. The plugin should distinguish between the two sequences.

See the versions available here: WS_FTP Professional Technical Documentation

Thanks,

Karl

2

Hi Karl, thanks for letting us know :slight_smile: I’ll pass this on to the developers.

3

Hi DeeAnn,

What’s the status of this? Has it made it to the front of the queue yet?

Thanks,

Karl

4

Hi @Karl,

I haven’t seen anything new on this, but re-reading I have a question. Do you know the source of the plugin (is it from Greenbone or is it a third-party plugin)?

5

(Sorry; didn’t see you reply until now.)

The script says the author is David Maciejak david.maciejak@kyxar.fr, based on work from Tenable, and is copyright him.

It’s still reporting version 12.8.7 as vulnerable, with fixed version = 12.6.

Please let me know if you want me to test a proposed nasl for this.

Karl

6

It seems this got unnoticed so far, probably because it was posted in the Feed Services category which is a category for the feed services itself and not about it’s .nasl file based content. For better visibility please try to use the Vulnerability Tests - Greenbone Community Portal category for any report related to .nasl files / scripts.

For this specific report i have opened an internal ticket for an evaluation, it might take some time though until a review is done.