Custom Query (7870 matches)
Results (61 - 63 of 7870)
|#7812||worksforme||FileZilla crash when Windows Homegroup device disconnected|
Filezilla crashes when I access my laptop from FileZilla, then disconnect the laptop from my Homegroup and try to navigate away from the laptop directory.
Steps to reproduce the crash:
|#3501||overload CPU when download files|
If put a file in server, the CPU load is low, but when get, the CPU load is over 66% of one core.
Core2Duo 2.16GHz 1GB/Ram, Tred @100Mbps over 11.5MB/s
|#2400||Vulnerability: FileZilla Server Interface Password|
This request is in reference to a Bug Tracker artifact about the plain text password for the FileZilla Server Interface. Refer to the following URL for the artifact: https://sourceforge.net/tracker/?group_id=21558&atid=372241&func=detail&aid=1275925
Basically, it has been stated that the interface password appearing in plain text is by design, due to the authentication method used between server and interface.
While it is possible to maintain security of the server by ensuring proper file/folder permissions are set, thus denying access to the file by non-administrators, this would only work if everything remained on the same system. If one were to use the interface from a remote system, through the Internet, and the remote system did not have sufficient file/folder permissions, a security risk then arises. It would theoretically be possible for anyone to obtain the server administrator password, access the server, change any user password they wanted, then log in as that user and retrieve any file that user has access to.
In order to plug this hole, local administrators would have to make sure there is absolutely no possible way to access the server configuration file by non-administrators. Remote administrators would have to either do the same for the interface configuration file, or remember to delete or edit the interface configuration file to ensure the password cannot be obtained by non-administrators.
As stated in the referenced Bug Tracker artifact, an MD5 hash for this password is not possible. My request is simply what about another obfuscation method? I've dabbled with obfuscation in Perl scripts I've written.
challenge-response authentication, which suggests it is possible to encode secret text used for authentication.
So, isn't it possible that there is at least one obfuscation method that could work with the current authentication method in FileZilla Server and its interface?