FTP Exposes Logon Information

Most FTP usage these days is unsecured. Transactions take place in "clear text", meaning that the user ID and password that the FTP user enters are transmitted to the FTP server in eye-readable text.

Clear Text Logon Sequence

A typical FTP logon sequence looks like this:

Client: ftp hostname
Server: 220-MICROSOFT FTP SERVICE, 17:25:43 on 2008-06-26.
Server: 220 Connection will close if idle for more than 5 minutes.
Server: User (10.288.148.54:(none)):
Client: myuser    <-- clear text user ID
Server: 331 Send password please.
Client: abcdefg   <-- clear text password
Server: 230 myuser is logged on. Working directory is "myuser.".

Users Compound the Exposure

The problem is made worse by the fact that users tend to use the same password for many different applications. If hackers glean an FTP password, they may be getting a password that is also used to access online checking accounts or other confidential data.
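On the wire, the client in the logon sequence above sends the user ID and password as the FTP commands USER and PASS (RFC 959). The following audit script is an added example, not part of the original page: it reads a control-channel transcript and reports whether the logon was readable, including the case where a client requests AUTH TLS (RFC 4217), is refused, and falls back to clear text. The transcripts are constructed samples, and the function and field names are assumptions chosen for illustration.

```python
"""Audit an FTP control-channel transcript for cleartext credential exposure."""

# Constructed transcripts of (direction, line); values mirror the logon above.
CLEAR = [
    ("S", "220 Connection will close if idle for more than 5 minutes."),
    ("C", "USER myuser"),
    ("S", "331 Send password please."),
    ("C", "PASS abcdefg"),
    ("S", "230 myuser is logged on."),
]
# Constructed: client asks for TLS and the server accepts with reply 234.
UPGRADED = [("S", "220 Ready."), ("C", "AUTH TLS"), ("S", "234 Proceed.")]
# Constructed: server refuses AUTH and the client falls back to a clear logon.
FALLBACK = [("S", "220 Ready."), ("C", "AUTH TLS"),
            ("S", "502 Command not implemented.")] + CLEAR[1:]


def audit(transcript):
    """Return what a passive observer of the control channel can read."""
    result = {"user": None, "password_exposed": False, "password_len": 0,
              "tls": False, "logged_in": False}
    auth_pending = False
    for direction, line in transcript:
        if direction == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "AUTH":
                auth_pending = True
            elif verb == "USER":
                result["user"] = arg
            elif verb == "PASS":
                # Record only the length so the report does not repeat the secret.
                result["password_exposed"] = True
                result["password_len"] = len(arg)
        else:
            code = line[:3]
            if code == "234" and auth_pending:
                # From here on the channel carries TLS records, not readable text.
                result["tls"] = True
                break
            if code == "230":
                result["logged_in"] = True
            auth_pending = False  # any other reply means the upgrade did not happen
    return result


if __name__ == "__main__":
    for name, t in (("clear", CLEAR), ("upgraded", UPGRADED), ("fallback", FALLBACK)):
        print(name, audit(t))
```

The fallback transcript is the one to watch for when reviewing logs: the client asked for protection, yet the password still crossed the network in readable form.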
©2008, Software Assist Corporation. All rights reserved.