I played with version 0.671 (VMware) and I think there
is a big security hole.
I enabled the sshd (It seams that the readonly flag has
no function (known bug ?) and I used on the client the
WinSCP program (Windows 2000). I use local users.
First I found that with this client I am able to see
the whole file structure. Second, I am able to copy the
xml config files with the passwords of the users in a
readable form !!!
Log in to post a comment.