Medium severity5.3NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-15272

Description

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.htmlnvdThird Party AdvisoryVDB Entry
www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/nvdThird Party Advisory
www.securityfocus.com/archive/1/541518/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000