Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

---

• From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
• Date: Mon, 21 Apr 2008 15:46:42 -0400

---

Valdis,

On Mon, 21 Apr 2008 15:43:57 -0400 Valdis.Kletnieks@xxxxxx wrote:

On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:

Exactly, I was talking about the RFC that supersedes that
particular RFC.

0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
(Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by
RFC2228,
RFC2640, RFC2773, RFC3659) (Also STD0009) (Status: STANDARD)

RFC2228 is in fact about a security extension to FTP -
unfortunately, section
4 of it does not have any subsections, so there is no 4.4.3.

RFC2640 is about internationalization of FTP, and has sections
4.3, 4.3.1,
and then 5. No 4.4.3 to be found.

RFC2773 is about encryption using SKIPJACK, but it goes from 4.0
to 5.0
with no intervening 4.4.3.

RFC3659 is about FTP extensions, but unfortunately section 4 is
about the
SIZE extension, and has a 4.4 but no 4.4.3 subsection.

So which RFC were you talking about?

I don't have time to hold your hand through this, some of us have
jobs to do other than posting RFC titles on Internet mailing lists.

Hint: When you find you've dug yourself into a hole, it's usually
not a
good idea to keep digging...

I think you have demonstrated this for everyone. Perhaps now we can
close this thread. Or do you intend to continue your hijack?

J

--
Ultimate Travel Deals - Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4dxvWYxGQfH96r7mHhCR9sgijPQtjXzxNBRhQp6ErubcppyA/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• Follow-Ups:
  • Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
    • From: Valdis . Kletnieks

• Prev by Date: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
• Next by Date: Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability
• Previous by thread: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
• Next by thread: Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sit ... RFC2228 is in fact about a security extension to FTP - unfortunately, ... of it does not have any subsections, ... SIZE extension, and has a 4.4 but no 4.4.3 subsection. ... So which RFC were you talking about? ... (Full-Disclosure) Re: FTP strangeness ... So, it looks like SmartFTP is off the list as a client for VMS, Cerberus ... As demonstrated more than just VMS ftp servers do the latter - for situations ... In any case an FTP client should comply with the robustness principle of RFC ... A Server-FTP SHOULD use the reply codes defined in RFC-959 ... (comp.os.vms) Re: .txt extension added during download ... I have no way to use a FTP client. ... of the download the file is recognized as ".ab1" only, ... that the .txt extension appears. ... It looks to me that it is the user workstation, and not the server, ... (comp.sys.mac.apps) Re: Does FTP still send cleartext passwords? ... >Standard FTP implementations are completely unencrypted. ... "The" RFC? ... on which the FTP over SSL / TLS draft is ... >but if the encryption isn't part of the FTP rfc, ... (comp.security.misc) Re: A question about "Timestamp" and "Created Time" ... would need extension that will change the time to the one client provides. ... Note that basic FTP protocol does not support time changes. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)