Full Disclosure mailing list archives
Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
From: Valdis.Kletnieks () vt edu
Date: Fri, 18 Apr 2008 16:24:13 -0400
On Fri, 18 Apr 2008 16:16:59 EDT, Joey Mengele said:
Then how do you explain the security offered by section 3.4.3 of RFC959? Or did you just skip over that...
3.4.3. COMPRESSED MODE There are three kinds of information to be sent: regular data, sent in a byte string; compressed data, consisting of replications or filler; and control information, sent in a two-byte escape sequence. If n>0 bytes (up to 127) of regular data are sent, these n bytes are preceded by a byte with the left-most bit set to 0 and the right-most 7 bits containing the number n. If you think run-length-encoding compression is security, you're even less clued than I thought.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Joey Mengele (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 18)
- <Possible follow-ups>
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Joey Mengele (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Joey Mengele (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml) Joey Mengele (Apr 18)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 18)