```
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
```
Closing the data connection of a transfer without an orderly SSL/TLS shutdown violates the specifications. Furthermore, a missing shutdown is indistinguishable from an attacker sending spoofed TCP FIN packets to the server, which leads to truncated transfers that nevertheless appear complete and successful.
Previous versions of FileZilla did not detect this faulty behavior and were vulnerable to spoofed FIN packets. The most recent version correctly complains about the server.
Partial list of broken servers:
- FileZilla Server <=0.9.30
- vsftpd <=2.0.6
- ProFTPD <=1.3.2rc1
- Xlight FTP Server <=2.861
- Pure-FTPd <=1.0.38
Partial list of working servers:
- FileZilla Server >=0.9.31
- vsftpd >=2.0.7
- ProFTPD >=1.3.2rc2
- Xlight FTP Server >=3.0
- Pure-FTPd >=1.0.39
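
To check from a packet capture whether a server ends its data connections with a TLS alert record before the TCP close, the following added example (not part of the original post and not FileZilla code) walks the record headers of the server-to-client byte stream. It assumes TLS 1.2 or earlier framing, where an alert keeps outer content type 21 (in TLS 1.3 every encrypted record is type 23, so this check does not apply); the function names and sample streams are constructed for illustration.

```python
import struct

ALERT, APPLICATION_DATA = 21, 23  # TLS record content types


def classify_stream_end(stream: bytes) -> str:
    """Walk TLS record headers (type, version, length) in one direction of a
    captured data connection and report how the stream ended."""
    pos, last_type = 0, None
    while pos < len(stream):
        if len(stream) - pos < 5:
            return "truncated-record"   # EOF inside a record header
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            return "truncated-record"   # EOF inside a record body
        last_type = ctype
        pos += 5 + length
    if last_type == ALERT:
        # An alert was the last thing sent. Its body is encrypted, so this
        # is consistent with close_notify but cannot prove it.
        return "alert-before-eof"
    # Stream ended on a record boundary with no alert: the case a broken
    # server and a spoofed FIN both produce.
    return "no-shutdown-alert"


def record(ctype: int, payload: bytes) -> bytes:
    """Build a constructed TLS 1.2 record (version 0x0303) for sample data."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


# Constructed sample streams; payloads are placeholder bytes, not ciphertext.
DATA = record(APPLICATION_DATA, b"\x00" * 64)
ORDERLY = DATA + DATA + record(ALERT, b"\x00" * 26)
ABRUPT = DATA + DATA
CUT_MID_RECORD = DATA + DATA[:20]

if __name__ == "__main__":
    for name, s in [("orderly", ORDERLY), ("abrupt", ABRUPT),
                    ("cut mid-record", CUT_MID_RECORD)]:
        print(f"{name}: {classify_stream_end(s)}")
```

A result of `no-shutdown-alert` on a transfer the client logged as successful is the condition worth flagging, since the capture alone cannot tell a faulty server from an injected FIN.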