Ticket #4206 (closed Patch: fixed)
FileZilla may submit wrong password for a anonymous account
|Reported by:||base10k||Owned by:||JNKCoetzee|
|Operating system type:||Linux||Operating system version:||Ubuntu 8.10|
When using the Quickconnect bar to connect to a server with the username "anonymous" it seems that FileZilla ignores the entered password and submits a default password.
If you control the server:
- create the account with the username of "anon" instead of "anonymous".
- Configure the server to accept all passwords for an account with the username "anonymous" (not always preferable, anonymous does not mean open to all).
- Change the password of the account to match FileZilla's default anonymous password (same problem as above, this would give access to everyone using FileZilla).
If you only control the client:
- Add the account into the Site manager and select the logontype "normal", this will cause your password to be written to disk in cleartext, not preferable on shared computers (easily recovered even if deleted, unless you 'shred' the file or it is overwritten)
FileZilla version: 3.1.2 (Linux AMD64).
I was connecting to an account using sftp. (the server was openSSH's internal-sftp, version 5.1)