We have found that the HTTP Server Signature header returned by WingFTP has the name of the person who purchased the license included. For example if a person named Bob Jones purchased the license, then the HTTP Server Signature that is returned is "WingFTP Server(Bob Jones)"
Given how many random internet scanners hit every IP looking for endpoints to brute force, this disclosure is not ideal. I would like to request that the individual name be removed from the HTTP response headers and that it only be "WingFTP Server"
Sanitize HTTP Headers
-
- Site Admin
- Posts: 2094
- Joined: Tue Sep 29, 2009 6:09 am
Re: Sanitize HTTP Headers
OK, it is possible to change the string "Wing FTP Server" into your own identifier, but the string "Bob Jones" is used to validate the license, so you can't remove that string.
And we had already sent an email to you about how to change the string "Wing FTP Server".
And we had already sent an email to you about how to change the string "Wing FTP Server".