View Single Post
Old 10-24-2002, 08:53 PM  
bigstar
FlashFXP Developer
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default FlashFXP v1.4 - FlashFXP Local Password Disclosure Vulnerability

This problem seems to be getting a lot of attention lately so I thought I should clarify exactly what this means.

v1.4 had a feature that allowed you to edit queue items, due to the way the quick connect was designed there was no simple way to edit the site ip/login/pass, so I made it simple for the user and displayed this information in plain text on the queue item edit dialog. Only sites connected to via the quick connect displayed the login/password.

In v2.0 the quick connect was redone and this problem was eliminated.

FlashFXP Local Password Disclosure Vulnerability
http://www.securiteam.com/windowsntf...C00P0U5PE.html

RUMORS
As a result of misinformation or speculation, some rumors have come about stating that this problem results in sharing all of your hard drives with no password. Which is incorrect.
bigstar is offline