SpotFTP FTP Password Recovery Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in SpotFTP FTP Password Recovery version 2.4.8. This vulnerability allows attackers to crash the application by exploiting a stack-based buffer overflow. To trigger the crash, an attacker can create a text file containing 1000 'Z' characters and use it as a registration code, causing the application to fail.
Impact
Exploitation of this vulnerability leads to a crash of the SpotFTP FTP Password Recovery application, causing a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by opening SpotFTP FTP Password Recovery version 2.4.8 on a Windows 10 Home x64 system. After the application is running, use a Python script to create a text file named 'RandomLetter.txt' containing 1000 'Z' characters. Once the file is created, copy its contents and paste them into the registration code field in the application. This will trigger the buffer overflow and crash the program.
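The bug class described above, shown from the fix side as an added example (not SpotFTP's code, which the page does not show): a registration-code handler that checks the input length against the destination buffer before copying. The buffer size REG_CODE_MAX and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed field size: the page does not state the real buffer size. */
#define REG_CODE_MAX 64

enum reg_status { REG_OK = 0, REG_TOO_LONG = -1, REG_BAD_ARG = -2 };

/* Unsafe pattern behind this bug class, for contrast only:
 *     char field[REG_CODE_MAX]; strcpy(field, input);
 * The copy length is set by the input, not by the destination. */

/* Hypothetical hardened handler: reject any code that does not fit. */
enum reg_status store_reg_code(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return REG_BAD_ARG;
    /* Look for the terminator within the destination's capacity only. */
    const char *end = memchr(input, '\0', dst_size);
    if (end == NULL) {          /* no terminator in range: too long */
        dst[0] = '\0';          /* leave the field empty, not truncated */
        return REG_TOO_LONG;
    }
    memcpy(dst, input, (size_t)(end - input) + 1); /* includes '\0' */
    return REG_OK;
}

/* Constructed input matching the page: 1000 'Z' characters. */
enum reg_status check_overlong_code(void)
{
    char input[1001];
    char field[REG_CODE_MAX];
    memset(input, 'Z', 1000);
    input[1000] = '\0';
    return store_reg_code(field, sizeof field, input);
}

int main(void)
{
    char field[REG_CODE_MAX];
    printf("short code: %d\n", store_reg_code(field, sizeof field, "ABCD-1234"));
    printf("1000 x 'Z': %d\n", check_overlong_code());
    return 0;
}
```

With this check the 1000-character input is rejected with REG_TOO_LONG and the field is left empty, so the overlong string never reaches the stack buffer.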
