Opened 17 years ago
Last modified 17 years ago
#3421 closed Bug report
Huge password security issue
| Reported by: | axelitus | Owned by: | |
|---|---|---|---|
| Priority: | low | Component: | FileZilla Client |
| Keywords: | Cc: | axelitus, Tim Kosse | |
| Component version: | Operating system type: | ||
| Operating system version: |
Description
I'm using FileZilla v3.0.7.1 from PortableApps and I don't know if this is a bug or just a cofiguration issue but it's worth mentioning it.
The SiteManager looks as the sites were safe, but they aren't. FileZilla saves the site from SiteManager in a configuration file called sitemanager.xml (a plain text file containgin some xml formatted data).
(In previous versions the sites where contained inside the settings.xml) In FileZilla v2.x the passwords for the sites where encrypted with some sort of algorithm, but as I checked the sitemanager.xml file I discovered that the passwords are saved in plain text. Well this is a very huge security issue as gaining access to the xml will reveal the passwords of the server.
Is this how FileZilla works? Are there future plans to secure the sites stored in the sitemanager.xml file?
This is by design. Duplicate of several other, rejected bug reports. Go read a book about security.