Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)
From: Valdis.Kletnieks () vt edu
Date: Fri, 18 Apr 2008 16:24:13 -0400

On Fri, 18 Apr 2008 16:16:59 EDT, Joey Mengele said:

Then how do you explain the security offered by section 3.4.3 of 
RFC959? Or did you just skip over that...


      3.4.3.  COMPRESSED MODE

         There are three kinds of information to be sent:  regular data,
         sent in a byte string; compressed data, consisting of
         replications or filler; and control information, sent in a
         two-byte escape sequence.  If n>0 bytes (up to 127) of regular
         data are sent, these n bytes are preceded by a byte with the
         left-most bit set to 0 and the right-most 7 bits containing the
         number n.

If you think run-length-encoding compression is security, you're even less
clued than I thought.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]