Go Back   FlashFXP Forums > > >

Bug Reports Report bugs here.

Thread Tools Display Modes
Old 08-02-2004, 04:05 PM   #1
Junior Member
FlashFXP Registered User
Join Date: Jul 2004
Posts: 2
Default Raiden VLS and FlashFXP 3 bug?


I'm not sure if this is a bug, if it's wrongly posted I apologise.

I've "downgraded" back to FlashFXP 2.1 build 924 and to my surprise... It worked great!

So, Is it new security implemented or?

Reference to a earlier post : http://forum.flashfxp.com/showthread...&threadid=4713
the_whisper is offline  
Old 08-02-2004, 04:17 PM   #2
Senior Member
FlashFXP Scripter
Join Date: Nov 2002
Posts: 334

This isn't a bug but a feature . The other clients (including previous flashfxp versions) do not check the certicate, while that is pretty essential for a safe transfer. So i would say install the same certicate on all servers and everything will work as it should.
Hetfield is offline  
Old 08-02-2004, 04:22 PM   #3
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
bigstar's Avatar
Join Date: Oct 2001
Posts: 8,012

This was a security vulnerability in v2.1. By not checking the fingerprint on the data channel it's possible for a middle man attack.

This issue was addressed in v3.0, If the finger print on the data channel does not match the control connection we reject the connection and display a warning.

For the sake of security and peace of mind of the user we decided to enforce this rule. Currently this cannot be disabled.
bigstar is offline  

924, bug, flashfxp, great, surprise

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 01:57 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)