Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 18 Apr 2008 16:16:59 -0400

Valids,

On Fri, 18 Apr 2008 16:10:41 -0400 Valdis.Kletnieks () vt edu wrote:
On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said:
I disagree, read the RFC. There are plenty of more secure FTP 
clients such as the OpenSSH.com groups proactive secure Secure 
FTP 
(sftp) implementation of FTP.

Right, except that SFTP isn't the RFC959 protocol that lives on 
ports 20/21,
it's an entirely different protocol layered on top of the OpenSSH 
on port 22.

If you actually *do* "read the RFC", RFC959, section 4.1.1 says:


Then how do you explain the security offered by section 3.4.3 of 
RFC959? Or did you just skip over that...

J

--
Own your own business.  Click here to start making money owning your own franchise.
http://tagline.hushmail.com/fc/Ioyw6h4fPmWsA2fzSQ6klsvwitr5lyEN7uWRbhg5RUfeRgV7wM17Gg/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]