SpotFTP Password Recover Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in SpotFTP Password Recover version 2.4.2. It allows a local attacker to crash the application by supplying an oversized buffer in the Name field during the registration process: a 256-byte payload pasted into the Name input field triggers a crash when the registration code is submitted.

Impact

Exploitation of this vulnerability leads to a crash of the SpotFTP Password Recover application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first create a 256-byte payload consisting of repeated characters. Save this payload to a text file. Then, open SpotFTP Password Recover 2.4.2 and navigate to the registration section. Paste the 256-byte payload into the Name field, enter a registration code, and submit the form. The application will crash, demonstrating the denial-of-service vulnerability.

Added: Apr 12, 2026, 1:18 PM
Updated: Apr 12, 2026, 1:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 5.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.