Bug ID 934256
Summary Passwords maintained by Filezilla are easily recovered in some cases
Classification openSUSE
Product openSUSE Distribution
Version 13.2
Hardware Other
OS openSUSE 13.2
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter Greg.Freemyer@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

I'm testing with LaZagne:

http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html

Or in OBS @ home:gregfreemyer:Tools-for-forensic-boot-cd LaZagne

Running LaZagne under my normal user account recovered one FileZilla stored
password.

The amount of time taken was near instantaneous, so I believe the password was
simply decoded, not cracked in the sense of "John the Ripper".

The password was associated with an SFTP account, so it is a password I consider
needing to be kept securely.

I don't know if FileZilla simply handles passwords poorly or if it can be
compiled differently to store passwords securely.
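
An added example, not part of the original report and not LaZagne or FileZilla code: a small auditor that lists which saved sites carry a stored password and whether that password is protected by anything more than an encoding, without ever printing the secret. It assumes the site manager XML uses `<Server>` entries with an optional `<Pass encoding="base64">` element; the sample XML, host names and user names are constructed.

```python
import base64
import binascii
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample input. The <Server>/<Host>/<User>/<Pass encoding="base64">
# layout is an assumption about FileZilla's site manager XML, not taken from the report.
_B64 = base64.b64encode(b"constructed-secret").decode()
SAMPLE_XML = f"""<FileZilla3><Servers>
  <Server><Host>sftp.example.org</Host><User>alice</User>
    <Pass encoding="base64">{_B64}</Pass></Server>
  <Server><Host>ftp.example.org</Host><User>bob</User>
    <Pass>constructed-plaintext</Pass></Server>
  <Server><Host>ask.example.org</Host><User>carol</User></Server>
</Servers></FileZilla3>"""


def classify(pass_elem):
    """Describe how a <Pass> element protects its value, without returning it."""
    if pass_elem is None or not (pass_elem.text or "").strip():
        return "not stored"
    if pass_elem.get("encoding") == "base64":
        try:
            base64.b64decode(pass_elem.text.strip(), validate=True)
        except (binascii.Error, ValueError):
            return "unrecognised"
        return "base64 (reversible encoding, no key)"
    return "plaintext"


def audit_sites(xml_text):
    """Return (host, user, storage) for every saved site in the XML text."""
    root = ET.fromstring(xml_text)
    return [(s.findtext("Host", "?"), s.findtext("User", "?"),
             classify(s.find("Pass"))) for s in root.iter("Server")]


def readable_by_others(path):
    """True if group or other permission bits let another account read the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for host, user, storage in audit_sites(SAMPLE_XML):
        print(f"{user}@{host}: {storage}")
```

Any entry reported as plaintext or base64 is readable by every process running under the same user account, which is consistent with a near-instant recovery; `readable_by_others` additionally flags a file that other local accounts could read.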

