Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Mon, 21 Apr 2008 15:10:56 -0400

Michael,

On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham 
<techie.micheal () gmail com> wrote:
But, but, feet are tasty.


Uhhh ?

I can't believe people are commenting in here not knowing that FTP 
is
plaintext. Any infosec 101 book will tell you this. Along with 
telnet.

Most 'infosec 101' books also tell you buffer overflows, XSS and 
other such shit cause problems, yet people post that here all day.

Don't use them, use the secure alternatives, such as FTPS or SFTP
(which is indeed a subprocess of SSH, look at sshd.conf if you 
don't
believe me, nevermind that it was already covered) and SSH in 
place of
telnet. Those protocols are specifically meant to replace their
insecure counterparts.


You can't tell me what to do.

Here's a few references on this "discovery."

http://forum.filezilla-
project.org/viewtopic.php?f=2&t=5906&p=20285&hilit=xml+plaintext#p2
0285
http://forum.filezilla-
project.org/viewtopic.php?f=4&t=1328&p=4660&hilit=xml+plaintext#p46
60


http://www.bufferoverflow.com 
http://www.google.net
http://lololololol.info

If you don't want your passwords stored in this manner, remember 
your
passwords or use a password manager.


Stop telling me what to do. You are wrong anyway, suck my foot old 
man. 

J

--
Fly in style.  Click here for information on private jets.
http://tagline.hushmail.com/fc/Ioyw6h4eR3JbzP6haQwUcBJWOV4NawQKJfp6PNWZTthbNJpHNeION6/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]