CWE

Sensitive Data Under FTP Root

ID: 220		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

The application stores sensitive data under the FTP document root with insufficient access control, which might make it accessible to untrusted parties.

Applicable Platforms
Language Class: All

Time Of Introduction

• Operation
• Architecture and Design

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Implementation System Configuration		Avoid storing information under the FTP root directory.
System Configuration		Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory.

Relationships

Related CWE	Type	View	Chain
CWE-220 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		Sensitive Data Under FTP Root

References:
None