Jump to content


Password encryption

  • This topic is locked This topic is locked
1 reply to this topic

#1 King555

  • Members
  • 2 posts
  • Gender:

Posted 07 March 2008 - 07:21 PM

This is not a real bug, but I think it can be called a security vulnerability. There exists a virus (I don't know the exact name, something with "Beagle" in it, I think), which reads all passwords stored in the SmartFTP favourites (latest version of the software) and sends them elsewhere.

I don't know if the passwords are already encrypted or not, but in both cases this should be improved.

I had a virus last sunday and afterwards in four FTP root directories, all stored ONLY in SmartFTP, a file called "ftpchk3.php" and "ftpchk3.txt" was found. Everytime uploaded from a different IP.

Edit: If you ask, what this has to do with SmartFTP, here some clear words: There is a virus, which reads login data explicitly from SmartFTP.

Edited by King555, 07 March 2008 - 08:19 PM.

#2 mb



  • Administrators
  • 11969 posts
  • Gender:
  • Location:

Posted 22 April 2008 - 04:26 PM

SmartFTP already encrypts the passwords in the favorites. But it needs to decrypt it when it connects to a server. But this doesn't prevent any any other application to do the same. This is the same case for all products that store plain text passwords. This is also the reason why the SmartFTP favorites importer can decrypt the password from all popular FTP clients.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users