Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Filezilla's silent caching of user's credentials
From: Adnan Vatandas <adnan.vatandas () googlemail com>
Date: Thu, 14 Oct 2010 01:24:27 +0200

Stop logging into your FTP server from a public terminal with Filezilla.

It's about a program insecurely and permanently storing user
credentials without informing the user about this - in many cases
certainly uncalled - behaviour.

This issue is not about public terminals or users uploading
their backup files to indexed, publicly readable web shares.

Argumenting that the issue was about "someone gaining access to the
file" is not valid. There's code in a program silently writing highly
information to places where they are not wanted and not expected by
most users - proven by all the recentservers.xml files on Google.


Adnan Vatandas

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]