Full Disclosure mailing list archives

Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)


From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 18 Apr 2008 16:16:59 -0400

Valids,

On Fri, 18 Apr 2008 16:10:41 -0400 Valdis.Kletnieks () vt edu wrote:
On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said:
I disagree, read the RFC. There are plenty of more secure FTP clients
such as the OpenSSH.com group's proactive secure Secure FTP (sftp)
implementation of FTP.

Right, except that SFTP isn't the RFC959 protocol that lives on ports
20/21, it's an entirely different protocol layered on top of the
OpenSSH on port 22.

If you actually *do* "read the RFC", RFC959, section 4.1.1 says:


Then how do you explain the security offered by section 3.4.3 of 
RFC959? Or did you just skip over that...

J
