[11818] in bugtraq
Re: gftp - ms ftp debug mode
daemon@ATHENA.MIT.EDU (Bencsath Boldizsar)
Fri Sep 10 13:09:56 1999
Message-Id: <Pine.LNX.4.10.9909082259470.26915-100000@sas.fph.hu>
Date: Wed, 8 Sep 1999 23:18:04 +0200
Reply-To: Bencsath Boldizsar <boldi@BUDAPEST.HU>
From: Bencsath Boldizsar <boldi@BUDAPEST.HU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <99090511470400.01784@Cluestack.hb.se>

The M$ win98 ftp client displays the password on screen in cleartext in debug
mode.

I think even in debug mode it is not a good idea to display passwords on
screen. By the way, who the hell wants to debug an ftp server's password
function with the m$ ftp client?

The debugging feature is useful, but I think not for this one.

ftp> debug
Debugging On .
ftp> open ftp.ebizlab.hit.bme.hu
Connected to ftp.ebizlab.hit.bme.hu.
220 ProFTPD 1.2.0pre4 Server (E-Biz ftp server) [fermat.ebizlab.hit.bme.hu]
User (ftp.ebizlab.hit.bme.hu:(none)): foo
---> USER foo
331 Password required for foo.
Password:
---> PASS bar
530 Login incorrect.

The same under unix:

ftp> open ftp.bme.hu
Connected to goliat.eik.bme.hu.
220 goliat FTP server (SunOS 5.7) ready.
Name (ftp.bme.hu:root): foo
---> USER foo
331 Password required for foo.
Password:
---> PASS XXXX
530 Login incorrect.
Login failed.

--------------------------------
Bencsath Boldizsar
boldi@ebizlab.hit.bme.hu
--------------------------------
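
The unix session above traces `PASS XXXX` where the win98 client traces the password itself. The following is an added example, not part of the original post and not the code of either client, of a debug-trace formatter that masks the argument before it reaches the screen or a log; the name ftp_debug_line and the choice to treat ACCT as secret are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verbs whose argument is treated as a secret (ACCT is an assumption). */
static const char *const secret_verbs[] = { "PASS", "ACCT" };

/* Case-insensitive match of the first len bytes of cmd against verb. */
static int verb_is(const char *cmd, size_t len, const char *verb)
{
    size_t i;
    if (len != strlen(verb))
        return 0;
    for (i = 0; i < len; i++)
        if (toupper((unsigned char)cmd[i]) != verb[i])
            return 0;
    return 1;
}

/*
 * Hypothetical helper: build the "---> ..." trace line for an outgoing
 * command (with or without CRLF). Returns 1 if the argument was masked.
 */
int ftp_debug_line(const char *cmd, char *out, size_t outlen)
{
    size_t i, verb_len = strcspn(cmd, " \t\r\n");
    for (i = 0; i < sizeof secret_verbs / sizeof secret_verbs[0]; i++) {
        if (verb_is(cmd, verb_len, secret_verbs[i])) {
            /* Fixed-width mask: hides the secret and its length. */
            snprintf(out, outlen, "---> %s XXXX", secret_verbs[i]);
            return 1;
        }
    }
    /* Not a secret: echo the command without its line terminator. */
    snprintf(out, outlen, "---> %.*s", (int)strcspn(cmd, "\r\n"), cmd);
    return 0;
}

int main(void)
{
    /* Constructed sample commands, mirroring the session in the post. */
    const char *sent[] = { "USER foo\r\n", "PASS bar\r\n", "pass bar\r\n" };
    char line[128];
    size_t i;
    for (i = 0; i < sizeof sent / sizeof sent[0]; i++) {
        ftp_debug_line(sent[i], line, sizeof line);
        puts(line);
    }
    return 0;
}
```

Matching on the whole verb rather than a prefix keeps a command such as `PASV` from being masked by mistake, and matching case-insensitively keeps a lowercase `pass` from slipping through.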