[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
- To: joey.mengele@xxxxxxxxxxxx, valdis.kletnieks@xxxxxx
- Subject: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Fri, 18 Apr 2008 16:16:59 -0400
Valids,
On Fri, 18 Apr 2008 16:10:41 -0400 Valdis.Kletnieks@xxxxxx wrote:
>On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said:
>> I disagree, read the RFC. There are plenty of more secure FTP
>> clients such as the OpenSSH.com groups proactive secure Secure
>FTP
>> (sftp) implementation of FTP.
>
>Right, except that SFTP isn't the RFC959 protocol that lives on
>ports 20/21,
>it's an entirely different protocol layered on top of the OpenSSH
>on port 22.
>
>If you actually *do* "read the RFC", RFC959, section 4.1.1 says:
>
Then how do you explain the security offered by section 3.4.3 of
RFC959? Or did you just skip over that...
J
--
Own your own business. Click here to start making money owning your own
franchise.
http://tagline.hushmail.com/fc/Ioyw6h4fPmWsA2fzSQ6klsvwitr5lyEN7uWRbhg5RUfeRgV7wM17Gg/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/