[Bug 934256] New: Passwords maintained by Filezilla are easily recovered in some cases
http://bugzilla.opensuse.org/show_bug.cgi?id=934256

            Bug ID: 934256
           Summary: Passwords maintained by Filezilla are easily recovered in some cases
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: 13.2
          Hardware: Other
                OS: openSUSE 13.2
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: Greg.Freemyer@gmail.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

I'm testing with LaZagne:
http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html

Or in OBS @ home:gregfreemyer:Tools-for-forensic-boot-cd LaZagne

Running LaZagne under my normal user account recovered one filezilla stored passwd.

The amount of time taken was near instantaneous, so I believe the password was simply decoded, not cracked in the sense of "John the ripper".

The password was associated with an SFTP account, so it is a password I consider needing to be kept securely.

I don't know if Filezilla simply handles passwords poorly or if it can be compiled differently to store passwords securely.

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=934256

Andreas Stieger <astieger@suse.com> changed:

           What    |Removed                  |Added
----------------------------------------------------------------------------
             Status|NEW                      |RESOLVED
            Version|13.2                     |201505*
                 CC|                         |astieger@suse.com, security-team@suse.de
          Component|Security                 |Network
           Found By|---                      |Community User
           Assignee|security-team@suse.de    |bnc-team-screening@forge.provo.novell.com
         Resolution|---                      |UPSTREAM
            Product|openSUSE Distribution    |openSUSE Factory
   Target Milestone|---                      |201505*
           Severity|Normal                   |Enhancement

--- Comment #1 from Andreas Stieger <astieger@suse.com> ---
This feature is not currently available in the filezilla client. Below are the unimplemented upstream feature requests.

Password Encryption // Master Password
http://trac.filezilla-project.org/ticket/8173

Encrypt stored passwords (using file system facilities; NOT master password)
http://trac.filezilla-project.org/ticket/5530
http://bugzilla.opensuse.org/show_bug.cgi?id=934256

Rick Stockton <rickstockton@reno-computerhelp.com> changed:

           What    |Removed                  |Added
----------------------------------------------------------------------------
             Blocks|                         |1183820