Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

From: "jipe foo" <foojipe () gmail com>
Date: Wed, 23 Apr 2008 18:26:48 +0200
2008/4/22 Joey Mengele <joey.mengele () hushmail com>:

Valdis,


 On Mon, 21 Apr 2008 22:53:55 -0400 Valdis.Kletnieks () vt edu wrote:
 >On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
 >
 >> So are you trying to suggest compression is not as secure as
 >> encryption? Have you even *read* the RFC in question?
 >
 >The design goal of most compression algorithms is that *anybody*
 >can take
 >the compressed data and get back the original.  The design goal of
 >most
 >encryption is that *only the intended recipient* can decrypt and
 >get the
 >original data back.
 >

 I think you have your terms mixed up, insert foot here LOLOL. And
 you didn't answer my question. Have you even *read* the RFC in
 question? And please, no "you must work at a fast food restaurant"
 cop outs this time.



Sorry for not joining this incredibly interesting conversation about
the ftp RFC ;-)
but the original post was about the security of the passwords on the support not
on the wire.

So Carl, as the default installation directory is %APPDATA%\FileZilla
and %APPDATA%
is likely to be a subdirectory of the user's %HOMEPATH% (only readable
by the corresponding
user himself), I would like to say... WTF ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: