http://bugzilla.opensuse.org/show_bug.cgi?id=934256
Bug ID: 934256
Summary: Passwords maintained by Filezilla are easily recovered in some cases
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: openSUSE 13.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Greg.Freemyer@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I'm testing with LaZagne:
http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html
Or in OBS @ home:gregfreemyer:Tools-for-forensic-boot-cd LaZagne
Running LaZagne under my normal user account recovered one filezilla stored passwd.
The amount of time taken was near instantaneous, so I believe the password was simply decoded, not cracked in the sense of "John the Ripper".
The password was associated with an SFTP account, so it is a password I consider needing to be kept securely.
I don't know if Filezilla simply handles passwords poorly or if it can be compiled differently to store passwords securely.
Andreas Stieger astieger@suse.com changed:
What             |Removed                |Added
----------------------------------------------------------------------------
Status           |NEW                    |RESOLVED
Version          |13.2                   |201505*
CC               |                       |astieger@suse.com, security-team@suse.de
Component        |Security               |Network
Found By         |---                    |Community User
Assignee         |security-team@suse.de  |bnc-team-screening@forge.provo.novell.com
Resolution       |---                    |UPSTREAM
Product          |openSUSE Distribution  |openSUSE Factory
Target Milestone |---                    |201505*
Severity         |Normal                 |Enhancement

--- Comment #1 from Andreas Stieger astieger@suse.com ---
This feature is not currently available in the filezilla client. Below are the unimplemented upstream feature requests.
Password Encryption // Master Password http://trac.filezilla-project.org/ticket/8173
Encrypt stored passwords (using file system facilities; NOT master password) http://trac.filezilla-project.org/ticket/5530
Rick Stockton rickstockton@reno-computerhelp.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1183820