Opened 14 years ago

Last modified 6 years ago

#938 closed Bug report

FileZilla weakly-encrypted password vulnerability (?)

Reported by: xtejclbtmt
Owned by:
Priority: normal
Component: FileZilla Server
Keywords:
Cc: xtejclbtmt, Tim Kosse
Component version:
Operating system type:
Operating system version:

Description

I didn't see any news or other information on the SF
site, so I'm forwarding this for the developers:

http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/036775.html
(or, http://tinyurl.com/8adcf)

I'm not a programmer/coder so I couldn't check the POC
for myself, but I wanted to pass this on to the
developers of FileZilla.

p.s.: Great app, besides all this. Keep Coding!

X

Change History (2)

comment:1 Changed 14 years ago by Tim Kosse

It's not a vulnerability, it's by design. Every single
program which can store passwords transparently is affected
by this problem. Every single web browser, every single
e-mail client and every single FTP client including
FileZilla, on every single operating system.

Think about it, there's no way to transparently store
passwords in a secure way.
