[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Filezilla's silent caching of user's credentials
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Filezilla's silent caching of user's credentials
- From: Adnan Vatandas <adnan.vatandas@xxxxxxxxxxxxxx>
- Date: Thu, 14 Oct 2010 01:24:27 +0200
> Stop logging into your FTP server from a public terminal with Filezilla.
It's about a program insecurely and permanently storing user
credentials without informing the user about this - in many cases
certainly uncalled - behaviour.
This issue is not about public terminals or users uploading
their backup files to indexed, publicly readable web shares.
Argumenting that the issue was about "someone gaining access to the
file" is not valid. There's code in a program silently writing highly
sensitive
information to places where they are not wanted and not expected by
most users - proven by all the recentservers.xml files on Google.
--
Adnan Vatandas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/