CVE-2013-1625

Titan FTP Administrative Password Disclosure

Description

On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server responds with the legitimate username and password for the service. With this information, an attacker has complete control over the FTP service, which includes the ability to add and remove FTP users, as well as add, remove, and modify available directories and their permissions.

Exploits (1)

metasploit WORKING POC

by Spencer McIntyre · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/titan_ftp_admin_pwd.rb

View Code ZIP pw:eip

Scores

Classification

Status draft

Timeline

Tracked Since Feb 18, 2026