bigstar
10-24-2002, 08:53 PM
This problem seems to be getting a lot of attention lately so I thought I should clarify exactly what this means.
v1.4 had a feature that allowed you to edit queue items, due to the way the quick connect was designed there was no simple way to edit the site ip/login/pass, so I made it simple for the user and displayed this information in plain text on the queue item edit dialog. Only sites connected to via the quick connect displayed the login/password.
In v2.0 the quick connect was redone and this problem was eliminated.
FlashFXP Local Password Disclosure Vulnerability
http://www.securiteam.com/windowsntfocus/6C00P0U5PE.html
RUMORS
As a result of misinformation or speculation, some rumors have come about stating that this problem results in sharing all of your hard drives with no password. Which is incorrect.
v1.4 had a feature that allowed you to edit queue items, due to the way the quick connect was designed there was no simple way to edit the site ip/login/pass, so I made it simple for the user and displayed this information in plain text on the queue item edit dialog. Only sites connected to via the quick connect displayed the login/password.
In v2.0 the quick connect was redone and this problem was eliminated.
FlashFXP Local Password Disclosure Vulnerability
http://www.securiteam.com/windowsntfocus/6C00P0U5PE.html
RUMORS
As a result of misinformation or speculation, some rumors have come about stating that this problem results in sharing all of your hard drives with no password. Which is incorrect.