Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

gftp
From: viggen () ENTERPRISE SHV HB SE (Oscar Haeger)
Date: Sun, 5 Sep 1999 11:29:15 +0200

Hello.
In gFTP1.13, an FTP-client that ships with RH6.0 the password is displayed in
plain text in the log window and is also saved in plain text if you choose to
save a logfile.
Granted this is not a really big deal but if you save your download-files (and
logfile) on a public area you would be giving away your password.
I have spoken with the author and he has some new versions out which he
recommends that you get and install.
http://gftp.seol.org/
Latest version is 2.0.4 but this particular bug was fixed in 2.0.0.

The reason why I send this to bugtraq is that this ftp-client is (one
of) the default ftp-clients in RH6.0 and if you don't know about it then perhaps
you won't go through the trouble of an upgrade.

//Oscar

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]