Custom Query (7771 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (61 - 63 of 7771)

11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Ticket Resolution Summary Owner Reporter
#7812 worksforme FileZilla crash when Windows Homegroup device disconnected Zack Gold
Description

Filezilla crashes when I access my laptop from FileZilla, then disconnect the laptop from my Homegroup and try to navigate away from the laptop directory.

Steps to reproduce the crash:

  1. Connect a device to your homegroup
  2. Access the device on FileZilla (Local site) by going to
    COMPUTERNAME
  3. Disconnect the same device you access
  4. Attempt to navigate away from the device
#3501 overload CPU when download files z80user
Description

If put a file in server, the CPU load is low, but when get, the CPU load is over 66% of one core.

Core2Duo 2.16GHz 1GB/Ram, Tred @100Mbps over 11.5MB/s

#2400 Vulnerability: FileZilla Server Interface Password z1of10
Description

This request is in reference to a Bug Tracker artifact about the plain text password for the FileZilla Server Interface. Refer to the following URL for the artifact: https://sourceforge.net/tracker/?group_id=21558&atid=372241&func=detail&aid=1275925

Basically, it has been stated that the interface password appearing in plain text is by design, due to the authentication method used between server and interface.

While it is possible to maintain security of the server by ensuring proper file/folder permissions are set, thus denying access to the file by non-administrators, this would only work if everything remained on the same system. If one were to use the interface from a remote system, through the Internet, and the remote system did not have sufficient file/folder permissions, a security risk then arises. It would theoretically be possible for anyone to obtain the server administrator password, access the server, change any user password they wanted, then log in as that user and retrieve any file that user has access to.

In order to plug this hole, local administrators would have to make sure there is absolutely no possible way to access the server configuration file by non-administrators. Remote administrators would have to either do the same for the interface configuration file, or remember to delete or edit the interface configuration file to ensure the password cannot be obtained by non-administrators.

As stated in the referenced Bug Tracker artifact, an MD5 hash for this password is not possible. My request is simply what about another obfuscation method? I've dabbled with obfuscation in Perl scripts I've written.

I know there are many methods of encoding secret text. The e-mail server I use supports a secure, encoded

challenge-response authentication, which suggests it is possible to encode secret text used for authentication.

So, isn't it possible that there is at least one obfuscation method that could work with the current authentication method in FileZilla Server and its interface?

11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Note: See TracQuery for help on using queries.