Bugtraq mailing list archives
Re: A wee caveat - the freeware WAR-ftp server (most versions)
From: jgaa () MAIL JGAA COM (Jarle Aase)
Date: Wed, 14 Oct 1998 09:36:34 +0200
I can confirm that War FTP Daemon 1.70 beta does store the user database, including passwords, in 'clear' text. This is simply because the encryption module in the beta version of the new server is unimplemented at this time. Under NT/NTFS, the user database can be protected using standard NT security. The 'official' release (1.65/1.66x) does encrypt the user database, and so will beta 2 of 1.70. - Jarle Aase Author of freeware. For support/suggestions: alt.comp.jgaa (newsgroup) For information: info () mail jgaa com(email, auto-responder) Private Email: jgaa () mail jgaa com WWW: http://www.jgaa.com/ <no need to argue - just kill'em all!>
Current thread:
- Yet more Rconsole. JB (Oct 09)
- False security in switches and a little more Rconsole. Chris Zagar (Oct 12)
- Re: False security in switches and a little more Rconsole. Mark Boolootian (Oct 13)
- A wee caveat - the freeware WAR-ftp server (most versions) Mnemonix (Oct 12)
- Re: A wee caveat - the freeware WAR-ftp server (most versions) Jarle Aase (Oct 14)
- Cisco security notice: CSCdk43920 command history release security-alert () cisco com (Oct 14)
- <Possible follow-ups>
- Re: Yet more Rconsole. Serge Pimenov (Oct 13)
- False security in switches and a little more Rconsole. Chris Zagar (Oct 12)