TFTP file access


File access via the TFTP service.


Unauthorized remote access to system or user files.


The TFTP (trivial file transfer protocol) service provides remote access to files, without asking for a password. It is typically used for the initialization of diskless computers, of X terminals, or of other dedicated hardware.

The problem

When the TFTP daemon does not limit access to specific files or hosts, a remote intruder can use the service to obtain copies of the password file or of other system or user files, or to remotely overwrite files.


Other tips

CVE Reference(s):