Old 06-23-2010, 06:35 AM   #1
Junior Member
FlashFXP Registered User
Join Date: Nov 2009
Location: In my office :(
Posts: 6
Encrypt Plain Text Password files - Security Issue

On June 16, 2010 I found that two of my hosting servers were compromised. Malicious JavaScript had been added to the index files on 4 different business websites. I restored and recovered immediately.

After digging around for a long time, I came across this thread: 10-ftp-clients-malware-steals-credentials-from
This is what happened to me.

PLEASE change FlashFXP so that the site manager does not save credentials in a plain text file. This is urgent and should become priority #1 because this malware is still undetectable and seems to be increasing in activity.

FlashFXP MUST come off this list in order for it to continue being a safe choice for IT professionals.

Thank You
Old 06-23-2010, 07:10 AM   #2
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
bigstar's Avatar
Join Date: Oct 2001
Posts: 8,012


FlashFXP does not save passwords in plain text; however, since the encryption is universal, it is very weak by default. The solution is to use Application password protection (from the main menu > Sites > Security > Set Password); this will encrypt all of your data files using a strong encryption method. By using this feature you will be prompted for your password each time you start FlashFXP.
Old 06-23-2010, 07:22 AM   #3
Junior Member
FlashFXP Registered User
Join Date: Nov 2009
Location: In my office :(
Posts: 6

I can't believe I overlooked that.
Thank you for being so thorough in your programming, and getting back so quickly.

I can't remember, does the default install ask you to set a pass?
Maybe it should insist on it in future releases???
Old 06-23-2010, 07:47 AM   #4
Super Duper
FlashFXP Beta Tester
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881

FlashFXP has had this functionality since at least 2002.
People just don't read help files anymore.
[Sig removed by Administrator: Signature can not exceed 20GB]
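
The difference between the default "universal" encryption and application password protection described in the developer's reply (#2), as an added example; it is not FlashFXP's code or its actual algorithm. `UNIVERSAL_KEY`, the function names, the PBKDF2 parameters and the toy HMAC-SHA256 stream construction (standing in for a real authenticated cipher) are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: stands in for a key shipped inside every copy of a client.
UNIVERSAL_KEY = b"identical-in-every-install"

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a toy stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the data was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def save_default(site_password):
    # Default mode: the key is the same everywhere, so the file alone is enough.
    return seal(UNIVERSAL_KEY, site_password)

def _user_key(app_password, salt):
    # The key exists only after the user types the application password.
    return hashlib.pbkdf2_hmac("sha256", app_password.encode(), salt, 200_000)

def save_protected(site_password, app_password):
    salt = secrets.token_bytes(16)
    return salt + seal(_user_key(app_password, salt), site_password)

def load_protected(blob, app_password):
    return unseal(_user_key(app_password, blob[:16]), blob[16:])

if __name__ == "__main__":
    stolen = save_default(b"ftp-secret")         # constructed sample value
    print(unseal(UNIVERSAL_KEY, stolen))         # b'ftp-secret': no user secret needed
    locked = save_protected(b"ftp-secret", "app-pass")
    print(unseal(UNIVERSAL_KEY, locked[16:]))    # None
    print(load_protected(locked, "app-pass"))    # b'ftp-secret'
```

With the universal key, a copied data file is as good as plain text to anyone who also has the program; with a password-derived key, the copied file is only as weak as the application password itself.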
All times are GMT -5.