mailing list archives
Re: Security issue in Filezilla 22.214.171.124:passwords are stored in plain text (sitemanager.xml)
From: Valdis.Kletnieks () vt edu
Date: Fri, 18 Apr 2008 16:24:13 -0400
On Fri, 18 Apr 2008 16:16:59 EDT, Joey Mengele said:
Then how do you explain the security offered by section 3.4.3 of
RFC959? Or did you just skip over that...
3.4.3. COMPRESSED MODE
There are three kinds of information to be sent: regular data,
sent in a byte string; compressed data, consisting of
replications or filler; and control information, sent in a
two-byte escape sequence. If n>0 bytes (up to 127) of regular
data are sent, these n bytes are preceded by a byte with the
left-most bit set to 0 and the right-most 7 bits containing the
If you think run-length-encoding compression is security, you're even less
clued than I thought.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/