Bug 10111

Summary: Ftp server default account and password, there are security risks
Product: Busybox
Reporter: wei shu <asshuwei1988>
Component: Networking
Assignee: unassigned
Status: RESOLVED INVALID
Severity: normal
CC: busybox-cvs
Priority: P5    
Version: 1.24.x   
Target Milestone: ---   
Hardware: All   
OS: Linux   

Description wei shu 2017-07-20 12:37:23 UTC
int ftpgetput_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int ftpgetput_main(int argc UNUSED_PARAM, char **argv)
{
	unsigned opt;
	const char *port = "ftp";
	/* socket to ftp server */
    
#if ENABLE_FTPPUT && !ENABLE_FTPGET
# define ftp_action ftp_send
#elif ENABLE_FTPGET && !ENABLE_FTPPUT
# define ftp_action ftp_receive
#else
	int (*ftp_action)(const char *, char *) = ftp_send;

	/* Check to see if the command is ftpget or ftput */
	if (applet_name[3] == 'g') {
		ftp_action = ftp_receive;
	}
#endif

	printf("Warning: ftp is not a secure protocol, and it is recommended to use sftp. \n");

	INIT_G();
	/* Set default values */
	user = "anonymous";
	password = "busybox@";
......
}

The above code specifies the default account and password for the ftp server. If the user's ftp server account and password are the same as the default server account and password, the device file can be transferred without writing the account and password, so there are security risks.

Comment 1 Denys Vlasenko 2017-07-20 13:40:21 UTC
(In reply to wei shu from comment #0)
> The above code specifies the default account and password for the ftp server,

No, it does not; this code sets up the default login and password for the FTP *client*.
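
Added example, not part of the bug report and not BusyBox code: a minimal C model of the FTP login exchange, showing that the client defaults quoted above are only what the client offers, while the server's own policy decides whether the login succeeds. The two server callbacks, the account `alice` and its password are constructed for illustration; the reply codes 331, 230 and 530 are the RFC 959 ones.

```c
#include <stdio.h>
#include <string.h>

/* Client defaults quoted in the report; used when the caller passes NULL. */
#define DEFAULT_USER "anonymous"
#define DEFAULT_PASS "busybox@"

/* Hypothetical server policy: one command in, RFC 959 reply code out. */
typedef int (*server_fn)(const char *cmd);

/* Constructed server that permits anonymous login. */
static int server_anon_enabled(const char *cmd)
{
	if (strncmp(cmd, "USER ", 5) == 0)
		return 331; /* user name okay, need password */
	return strncmp(cmd, "PASS ", 5) == 0 ? 230 : 500;
}

/* Constructed server: anonymous disabled, one real account (made-up values). */
static int server_anon_disabled(const char *cmd)
{
	static int user_ok;
	if (strncmp(cmd, "USER ", 5) == 0) {
		user_ok = strcmp(cmd + 5, "alice") == 0;
		return 331; /* same reply for unknown users */
	}
	if (strncmp(cmd, "PASS ", 5) == 0)
		return (user_ok && strcmp(cmd + 5, "constructed-pw") == 0) ? 230 : 530;
	return 500;
}

/* Client side of the login; returns 1 only if the server accepts it. */
static int ftp_login(server_fn server, const char *user, const char *pass)
{
	char cmd[128];
	snprintf(cmd, sizeof(cmd), "USER %s", user ? user : DEFAULT_USER);
	int code = server(cmd);
	if (code == 230)
		return 1; /* server asked for no password */
	if (code != 331)
		return 0;
	snprintf(cmd, sizeof(cmd), "PASS %s", pass ? pass : DEFAULT_PASS);
	return server(cmd) == 230;
}

int main(void)
{
	printf("%d %d\n", ftp_login(server_anon_enabled, NULL, NULL),
	       ftp_login(server_anon_disabled, NULL, NULL));
	return 0;
}
```

The exposure to audit is therefore on the server: whether it accepts anonymous logins, and what that account can read or write.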