Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
Meant to serve as the open/public
Anonymous FTP Access to Sensitive Files
Disclosed by sivasankardas- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date about 1 year ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by sivasankardas
This report highlights a potential risk identified in a publicly accessible FTP server, which allowed anonymous users to access sensitive directories and files. The exposed files included data and configurations that, if manipulated or exploited, could have posed a threat to data confidentiality and system integrity.
The vulnerability stemmed from a lack of proper authentication mechanisms on the FTP server, underscoring the importance of securing publicly accessible assets. While deemed informational by the target organization, the issue underscores the need for consistent application of security best practices.