Opened 7 months ago

#12153 new Bug report

SSL Private Key Password unencrypted

Reported by: Romain Owned by:
Priority: critical Component: FileZilla Server
Keywords: SSL, security Cc:
Component version: Operating system type: Windows
Operating system version: Windows 2016

Description

I just discovered the SSL private Key password is left unencrypted in the settings files (FileZilla Server.xml)

This is a big security issue has anyone can stole the key...

Note : The admin password is also left unencrypted in the file

Change History (0)

Note: See TracTickets for help on using tickets.