A “clear text password” is a common problem in file transfer security. It is a dangerous problem because it exposes credentials that allow unauthorised individuals to act with the identity and permission of trusted individuals and systems.
The problem happens in at least five different areas:
Clear text password during input: This problem occurs when end users type passwords and those passwords remain visible on the screen after being typed. This exposes passwords to “shoulder surfing” and others who may share a desktop or device. Most applications today show asterisks while a password is being typed. Modern implementations (such as the standard iPhone password interface) show the last character typed for a few seconds, then replace it with an asterisk.
Clear text password during management: This problem occurs when an operator pulls up a connection profile and can read the password off the profile when he/she really only should be using an existing profile. To avoid this problem application developers need to code a permissions structure into the management that permits use without exposing passwords. Application developers also need to be careful that passwords are not accidentally exposed in the interface, even under a “masked” display. (Perform a Google search on “behind asterisks” for more information on this.)
Clear text password during storage: This problem happens when configuration files, customer profiles or FTP scripts are written to disk and no encryption is used to protect the stored data. Application developers can protect configuration files and customer profiles, but when FTP scripts are used, alternate authentication such as client keys are often used instead of passwords.
Clear text password in trace logs: This problem occurs when passwords are written into trace logs. To avoid this problem application developers often need to special-case code that would normally dump clear text passwords to write descriptive labels like “*****” or “7-character password, starting with X” instead.
Clear text password on the wire: This problem occurs when passwords are sent across a network. To avoid this problem secure transport protocols such as SSL/TLS or SSH are often used. The most frequent cause of this problem is not application defects but operator error: when an administrator accidentally configures a client to connect without using a secure protocol, credentials are often sent in the clear.
BEST PRACTICE: All modern file transfer clients and file transfer servers should steer clear of these problems; these are entry-level security concerns and several application security design guidelines (e.g., “Microsoft’s Design Guidelines for Secure Web Applications” and the SANS Institute’s “Security Checklist for Web Application Design”) have covered this for years.