FlashFXP Forums - View Single Post - FlashFXP v1.4 - FlashFXP Local Password Disclosure Vulnerability

bigstar · 10-24-2002, 08:53 PM

This problem seems to be getting a lot of attention lately so I thought I should clarify exactly what this means.

v1.4 had a feature that allowed you to edit queue items, due to the way the quick connect was designed there was no simple way to edit the site ip/login/pass, so I made it simple for the user and displayed this information in plain text on the queue item edit dialog. Only sites connected to via the quick connect displayed the login/password.

In v2.0 the quick connect was redone and this problem was eliminated.

FlashFXP Local Password Disclosure Vulnerability
http://www.securiteam.com/windowsntf...C00P0U5PE.html

RUMORS
As a result of misinformation or speculation, some rumors have come about stating that this problem results in sharing all of your hard drives with no password. Which is incorrect.

10-24-2002, 08:53 PM
bigstar FlashFXP Developer Join Date: Oct 2001 Posts: 8,012	FlashFXP v1.4 - FlashFXP Local Password Disclosure Vulnerability This problem seems to be getting a lot of attention lately so I thought I should clarify exactly what this means. v1.4 had a feature that allowed you to edit queue items, due to the way the quick connect was designed there was no simple way to edit the site ip/login/pass, so I made it simple for the user and displayed this information in plain text on the queue item edit dialog. Only sites connected to via the quick connect displayed the login/password. In v2.0 the quick connect was redone and this problem was eliminated. FlashFXP Local Password Disclosure Vulnerability http://www.securiteam.com/windowsntf...C00P0U5PE.html RUMORS As a result of misinformation or speculation, some rumors have come about stating that this problem results in sharing all of your hard drives with no password. Which is incorrect.