Huge password security issue
|Reported by:||axelitus||Owned by:|
|Keywords:||Cc:||axelitus, Tim Kosse|
|Component version:||Operating system type:|
|Operating system version:|
I'm using FileZilla v220.127.116.11 from PortableApps and I don't know if this is a bug or just a cofiguration issue but it's worth mentioning it.
The SiteManager looks as the sites were safe, but they aren't. FileZilla saves the site from SiteManager in a configuration file called sitemanager.xml (a plain text file containgin some xml formatted data).
(In previous versions the sites where contained inside the settings.xml) In FileZilla v2.x the passwords for the sites where encrypted with some sort of algorithm, but as I checked the sitemanager.xml file I discovered that the passwords are saved in plain text. Well this is a very huge security issue as gaining access to the xml will reveal the passwords of the server.
Is this how FileZilla works? Are there future plans to secure the sites stored in the sitemanager.xml file?