Full Disclosure mailing list archives
Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Mon, 21 Apr 2008 15:10:56 -0400
Michael, On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham <techie.micheal () gmail com> wrote:
But, but, feet are tasty.
Uhhh ?
I can't believe people are commenting in here not knowing that FTP is plaintext. Any infosec 101 book will tell you this. Along with telnet.
Most 'infosec 101' books also tell you buffer overflows, XSS and other such shit cause problems, yet people post that here all day.
Don't use them, use the secure alternatives, such as FTPS or SFTP (which is indeed a subprocess of SSH, look at sshd.conf if you don't believe me, nevermind that it was already covered) and SSH in place of telnet. Those protocols are specifically meant to replace their insecure counterparts.
You can't tell me what to do.
Here's a few references on this "discovery." http://forum.filezilla- project.org/viewtopic.php?f=2&t=5906&p=20285&hilit=xml+plaintext#p2 0285 http://forum.filezilla- project.org/viewtopic.php?f=4&t=1328&p=4660&hilit=xml+plaintext#p46 60
http://www.bufferoverflow.com http://www.google.net http://lololololol.info
If you don't want your passwords stored in this manner, remember your passwords or use a password manager.
Stop telling me what to do. You are wrong anyway, suck my foot old man. J -- Fly in style. Click here for information on private jets. http://tagline.hushmail.com/fc/Ioyw6h4eR3JbzP6haQwUcBJWOV4NawQKJfp6PNWZTthbNJpHNeION6/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Micheal Cottingham (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- <Possible follow-ups>
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Joey Mengele (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Andrew Farmer (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Valdis . Kletnieks (Apr 21)
- Re: Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Garrett M. Groff (Apr 21)
- Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) Turgut Baumann (Apr 23)