Re: Windows Explorer may expose FTP passwords in plaintext

From: "Brian Knittel" <brian@xxxxxxxxxxxxxxx>
Date: Sat, 19 Jul 2008 14:31:58 -0700

Stefan got the point: a computer should never display a previously entered
password in clear text, no matter what, and I have observed Windows doing
just that.

Has anyone else observed this behavior following the steps I outlined?

Please add this additional step:

When you are viewing the remote FTP directory using Windows Explorer,
drag a file from the FTP directory onto your desktop. Then, close Explorer,
reopen it, and type ftp:// into the Address window. (I just noticed that
the
passwords I see are all on URIs that have filenames)

Could you please test this, and if you have a positive result (that is, you
see the password), please post a response. It would help if you noted your
version of Windows and Service Pack level.

Or, if you have a negative result, that is, you drag a file to your desktop,
and the next time you open Explorer and type ftp:// into the Address bar you
DO NOT see the password, please also post a response, if others haven't
already done so for your particular version+SP level of Windows.

Please, in the interest of keeping on topic, let's just focus on this one
behavior, and save discussions of network protocol security, public
computers and the like for another day.

.

Follow-Ups:
- Re: Windows Explorer may expose FTP passwords in plaintext
  - From: Anteaus
- Re: Windows Explorer may expose FTP passwords in plaintext
  - From: Shenan Stanley

References:
- Windows Explorer may expose FTP passwords in plaintext
  - From: Brian Knittel

Prev by Date: Re: FIX for ZoneAlarm & KB951748 issue released
Next by Date: Re: Windows Explorer may expose FTP passwords in plaintext
Previous by thread: Re: Windows Explorer may expose FTP passwords in plaintext
Next by thread: Re: Windows Explorer may expose FTP passwords in plaintext
Index(es):
- Date
- Thread

Relevant Pages

Re: IE TOOLBAR!
... You may even have to do more than is in my Spyware section of ... You should also empty your Internet Explorer Temporary Internet ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: CPU useage
... tool for investigating CPU usage is Process Explorer. ... Also with regard to Internet Explorer do you have lots of windows / ... You can access Event Viewer by selecting Start, ...
(microsoft.public.windowsxp.help_and_support)
Re: IE launching when Firefox is default browser
... If you select shortcuts via Windows Explorer then it is naturally ... Links folder via the Links Toolbar that I am finding problematic. ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Great SWT Program
... Invisible extra things to backspace away are going to trip ... This indicates that Windows is not seeing the same input ... drag and drop oddities in Explorer indicate a similar problem; ... command prompt instead of a different task; ...
(comp.lang.java.programmer)
Re: Explorer crashing on context menu
... that explorer refused start at all) so back to SP1. ... Does 'Checksum' mean checksum in windows executable header? ... > to what you are reporting. ... > to install free ShellExView and to try disabling these ...
(microsoft.public.windowsxp.general)