Opened 19 years ago
Last modified 10 years ago
#938 closed Bug report
FileZilla weakly-encrypted password vulnerability (?)
| Reported by: | xtejclbtmt | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Server |
| Keywords: | Cc: | xtejclbtmt, Tim Kosse | |
| Component version: | Operating system type: | ||
| Operating system version: |
Description
..I didn't see any news or other information on the SF
site, so I'm forwarding this for the developers:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/036775.html
(or, http://tinyurl.com/8adcf)
I'm not a programmer/coder so I couldn't check the POC
for myself, but I wanted to pass this on to the
developers of Filezilla.
p.s.: Great app, besides all this. Keep Coding!
X
Change History (2)
Note:
See TracTickets
for help on using tickets.
It's not a vulnerability it's by design. Every single
program which can store passwords transparently is affected
by this problem. Every single webbrowser, every single
e-mail client and every single ftp client including
FileZilla, on every single operation system.
Think about it, there's no way to transparently store
passwords in a secure way.