| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <328383FD-8933-469F-8A5A-BD0B68BBB563@gmail.com> Date: Mon, 21 Apr 2008 14:21:21 -0700 From: Andrew Farmer <andfarm@...il.com> To: Valdis.Kletnieks@...edu Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml) On 21 Apr 08, at 12:43, Valdis.Kletnieks@...edu wrote: > On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: >> Exactly, I was talking about the RFC that supersedes that >> particular RFC. > > 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. > (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by > RFC2228, > RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD) There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", which might look superficially like encryption to the untrained eye. However, it appears that most modern FTP clients (and many FTP servers, in fact) don't support it. Also, it's not encrypted. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists