[8214] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: A wee caveat - the freeware WAR-ftp server (most versions)

daemon@ATHENA.MIT.EDU (Jarle Aase)
Wed Oct 14 15:58:52 1998

Date: 	Wed, 14 Oct 1998 09:36:34 +0200
Reply-To: Jarle Aase <jgaa@MAIL.JGAA.COM>
From: Jarle Aase <jgaa@MAIL.JGAA.COM>
X-To:         Mnemonix <mnemonix@GLOBALNET.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <01BDF66C.5D6E9130@jupiter>

I can confirm that War FTP Daemon 1.70 beta does store the user database, including passwords, in 'clear' text. This is simply because the encryption module in the beta version of the new server is unimplemented at this time.

Under NT/NTFS, the user database can be protected using standard NT security.

The 'official' release (1.65/1.66x) does encrypt the user database, and so will beta 2 of 1.70.

-
Jarle Aase
Author of freeware.

For support/suggestions: alt.comp.jgaa (newsgroup)
For information: info@mail.jgaa.com(email, auto-responder)
Private Email: jgaa@mail.jgaa.com
WWW: http://www.jgaa.com/
<no need to argue - just kill'em all!>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[8214] in bugtraq

Re: A wee caveat - the freeware WAR-ftp server (most versions)

daemon@ATHENA.MIT.EDU (Jarle Aase)Wed Oct 14 15:58:52 1998

daemon@ATHENA.MIT.EDU (Jarle Aase)
Wed Oct 14 15:58:52 1998