Hello guys, I'm sharing with you an existing flaw in LibraryBox 2.1 that allows any connected user to sniff your ftp password.
LibraryBox uses ftp for file transfer instead of sftp (secure ftp), which makes it vulnerable to sniffing. I use Kali Linux to do this; using Wireshark, I sniffed the ftp username/password WHILE the admin user is authenticating. Is there a way to fix this or at least install sftp?
--
You received this message because you are subscribed to the Google Groups "LibraryBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to librarybox+unsubscribe@googlegroups.com.
To post to this group, send email to libra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/librarybox/6e035d14-1c24-434b-9d26-2f8e7dc66ba4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
I also investigated using sftp over ftp.

Hello,

yes.

The built-in sftp:
- has a 1:1 relationship with the user accounts
- no session limits (to prevent overload)
- no anonymous access possible.

The only way to solve this is to use self-signed certs together with FTP over SSL....

best regards
Matthias
2016-12-16 19:56 GMT+01:00 jeph300 <drakec...@gmail.com>:
Hello guys, I'm sharing with you an existing flaw in LibraryBox 2.1 that allows any connected user to sniff your ftp password.
LibraryBox uses ftp for file transfer instead of sftp (secure ftp), which makes it vulnerable to sniffing. I use Kali Linux to do this; using Wireshark, I sniffed the ftp username/password WHILE the admin user is authenticating. Is there a way to fix this or at least install sftp?
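Following the reply's suggestion of FTP over SSL with a self-signed certificate, here is a client-side check as an added example (not part of the thread and not LibraryBox code): it reads a server's FEAT reply for AUTH TLS and logs in only over TLS, with the box's certificate as the sole trust anchor. The FEAT strings are constructed samples, and the function names and the `cert_pem` argument are assumptions.

```python
import ftplib
import ssl

# Constructed FEAT replies in RFC 2389 layout (not captured from a LibraryBox).
FEAT_PLAIN = "211-Features:\n MDTM\n SIZE\n UTF8\n211 End"
FEAT_TLS = "211-Features:\n AUTH TLS\n PBSZ\n PROT\n SIZE\n211 End"
FEAT_TLS_LIST = "211-Features:\n AUTH TLS;TLS-C;SSL;TLS-P;\n PROT\n211 End"


def advertises_auth_tls(feat_reply: str) -> bool:
    """Return True if a FEAT reply lists the AUTH feature with TLS (RFC 4217)."""
    for line in feat_reply.splitlines():
        if not line.startswith(" "):          # feature lines are space-indented
            continue
        name, _, params = line.strip().partition(" ")
        if name.upper() != "AUTH":
            continue
        # Some servers list several mechanisms separated by semicolons.
        mechanisms = params.upper().replace(";", " ").split()
        if any(m.startswith("TLS") for m in mechanisms):
            return True
    return False


def login_encrypted(host: str, user: str, password: str, cert_pem: str) -> ftplib.FTP_TLS:
    """Log in only over TLS, trusting nothing but the supplied self-signed cert."""
    ctx = ssl.create_default_context(cadata=cert_pem)  # pinned: sole trust anchor
    ftps = ftplib.FTP_TLS(context=ctx, timeout=10)
    ftps.connect(host, 21)
    try:
        feat = ftps.sendcmd("FEAT")
    except ftplib.error_perm:                 # server does not implement FEAT
        feat = ""
    if not advertises_auth_tls(feat):
        ftps.close()
        raise ConnectionError("server offers no AUTH TLS; refusing cleartext login")
    ftps.login(user, password)                # FTP_TLS sends AUTH TLS before USER/PASS
    ftps.prot_p()                             # encrypt the data channel as well
    return ftps
```

Hostname checking stays enabled in this context, so the self-signed certificate must name the host or IP address the client connects to.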