Network Security: Detailed info on Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare s

from [Andrew Farmer] Network Security

[Permanent Link]

Subject:	Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
Date:	Mon, 21 Apr 2008 14:21:21 -0700

On 21 Apr 08, at 12:43, Valdis.Kletnieks@vt.edu wrote:

On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:

Exactly, I was talking about the RFC that supersedes that
particular RFC.


0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
    (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by  
RFC2228,
    RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)


There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", which  
might look superficially like encryption to the untrained eye.  
However, it appears that most modern FTP clients (and many FTP  
servers, in fact) don't support it. Also, it's not encrypted.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Micheal Cottingham Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), reepex Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Micheal Cottingham Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Andrew Farmer <= Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks Re: [Full-disclosure] Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Garrett M. Groff Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Turgut Baumann Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Joey Mengele Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), jipe foo

Previous by Date:	[Full-disclosure] Web Application Security Awareness Day, auto188821
Next by Date:	Re: [Full-disclosure] Web Application Security Awareness Day, n3td3v
Previous by Thread:	Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Next by Thread:	Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]