• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
ArGoSoft FTP Server uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020315 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20020315)
Votes (Legacy)
ACCEPT(2) Baker, Frech
NOOP(7) Armstrong, Christey, Cole, Foat, Green, Wall, Ziese
Comments (Legacy)
 Christey> In an e-mail response, the vendor stated that they were
   not a crypto expert and were using their own home-grown
 CHANGE> [Baker changed vote from REVIEWING to ACCEPT]
 Baker> I received an email from Artchil Gogava, of Argosoft, author
   of the program in question.  I think this is sufficient verification
   that the problem is probably as identified.  He states he is not an
   encryption expert, and that he invented his own encryption mechanism
   for this.  Need I say more?
   Subject:  Re: Encryption in ArgoSoft FTP Server
   Date:     Thu, 9 May 2002 15:14:29 -0400
   From:     "Artchil Gogava" <>
   To:       "David Baker" <>
   References:      1
   Hello David,
   lnk problem, described in the document, has been fixed ages ago, and it does
   not present in  As of password encryption.  I am not an encryption
   expert.  I am using a method invented by myself, and I am sure that whatever
   I do, someone, who has spare time to play around with it, will find the
   method to decrypt it.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.