FileZilla-Server endangers SSL-connections!
| Reported by: | Alex | Owned by: | |
| Component version: | | Operating system type: | Windows |
| Operating system version: | 5.1.2600 | | |
After creating the Security Certificate, FileZilla-Server v0.9.37 beta keeps the PRiVATE_KEY inside the Security_Certificate!
This is wrong and inadmissible!
Creating the Security Certificate should produce 2 files:
- A file containing PRiVATE_KEY, for example 'pgp1.skey'
- A file containing SECURiTY_CERTiFiCATE.
(!) The PRiVATE KEY should NOT be located inside the Security Certificate!
The SECURiTY CERTiFiCATE is intended for free distribution on the Internet and should NOT contain confidential data!
The PRiVATE KEY should be stored only by the Owner of the Security Certificate.
This dangerous mistake needs to be corrected URGENTLY, since FileZilla Server exposes many users who exchange confidential data to a big risk.
I have attached a sample of the CERTIFICATE created by means of FileZilla-Server v0.9.37 beta (the file contains an RSA_PRiVATE_KEY).
On the whole, I express my gratitude for the very useful and convenient program FileZilla FTP Client!
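
Added example, not part of the original report and not FileZilla code: a check for the condition described above (a private key block in the same file as the certificate) and a split into the two files the report asks for. It assumes the file is PEM-encoded; `split_pem`, `safe_to_distribute` and the sample bundle are hypothetical names and constructed data.

```python
import re

# PEM textual encoding: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----",
    re.DOTALL,
)

def split_pem(text):
    """Separate a PEM bundle into (secret_part, public_part) by block label."""
    secret, public = [], []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        block = match.group(0) + "\n"
        # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
        # and "ENCRYPTED PRIVATE KEY".
        if label.endswith("PRIVATE KEY"):
            secret.append(block)
        elif label == "CERTIFICATE":
            public.append(block)
    return "".join(secret), "".join(public)

def safe_to_distribute(text):
    """True only if the file holds at least one certificate and no private key."""
    secret, public = split_pem(text)
    return bool(public) and not secret

# Constructed sample: the base64 bodies are placeholders, not real key material.
SAMPLE_BUNDLE = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    key_part, cert_part = split_pem(SAMPLE_BUNDLE)
    print("bundle safe to distribute:", safe_to_distribute(SAMPLE_BUNDLE))
    print("certificate-only part safe:", safe_to_distribute(cert_part))
    # key_part belongs in an owner-only file; cert_part is the publishable file.
```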