BUG: Ftp password for nobody not changed

Problems with the Mac OS X version of XAMPP, questions, comments, and anything related.

BUG: Ftp password for nobody not changed

Postby UnnamedMook » 13. August 2011 07:01

This isn't a support question, but I've found a security hole/bug and I didn't see any bug reporting area on the website. XAMPP does not correctly check that the ftp password for the user nobody has been changed from "xampp". This is true both in the control panel (http://localhost/xampp/security.php) and when running the "xampp security" script. Furthermore, the xampp security script does not actually change the password when it claims to. I know that both by testing using a FTP client, and by looking at XAMPP/xamppfiles/etc/proftpd.conf directly; there is no change in the password hash after running the xampp security script.
UnnamedMook
 
Posts: 2
Joined: 13. August 2011 05:36

Re: BUG: Ftp password for nobody not changed

Postby JonB » 14. August 2011 18:02

you could give a run at reporting it
http://bugs.xampp.org/my_view_page.php

or Message/mail the Project leader 'Oswald'

8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
XAMPP Version: 1.8.3-2
Operating System: Windows XP/7 - Fedora 15 1.7.7


Return to XAMPP for Mac OS X

Who is online

Users browsing this forum: No registered users and 4 guests