Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: A wee caveat - the freeware WAR-ftp server (most versions)

Re: A wee caveat - the freeware WAR-ftp server (most versions)

Jarle Aase (jgaaMAIL.JGAA.COM)
Wed, 14 Oct 1998 09:36:34 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: security-alertcisco.com: "Cisco security notice: CSCdk43920 command history release"
Previous message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
In reply to: Mnemonix: "A wee caveat - the freeware WAR-ftp server (most versions)"

I can confirm that War FTP Daemon 1.70 beta does store the user database, including passwords, in 'clear' text. This is simply because the encryption module in the beta version of the new server is unimplemented at this time.

Under NT/NTFS, the user database can be protected using standard NT security.

The 'official' release (1.65/1.66x) does encrypt the user database, and so will beta 2 of 1.70.

-
Jarle Aase
Author of freeware.


For support/suggestions: alt.comp.jgaa (newsgroup)
For information: infomail.jgaa.com(email, auto-responder)
Private Email: jgaamail.jgaa.com
WWW: http://www.jgaa.com/
<no need to argue - just kill'em all!>

Next message: security-alertcisco.com: "Cisco security notice: CSCdk43920 command history release"
Previous message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
In reply to: Mnemonix: "A wee caveat - the freeware WAR-ftp server (most versions)"