Opened 16 years ago

Last modified 16 years ago

#3421 closed Bug report

Huge password security issue

Reported by: axelitus Owned by:
Priority: low Component: FileZilla Client
Keywords: Cc: axelitus, Tim Kosse
Component version: Operating system type:
Operating system version:


I'm using FileZilla v3.0.7.1 from PortableApps and I don't know if this is a bug or just a cofiguration issue but it's worth mentioning it.

The SiteManager looks as the sites were safe, but they aren't. FileZilla saves the site from SiteManager in a configuration file called sitemanager.xml (a plain text file containgin some xml formatted data).

(In previous versions the sites where contained inside the settings.xml) In FileZilla v2.x the passwords for the sites where encrypted with some sort of algorithm, but as I checked the sitemanager.xml file I discovered that the passwords are saved in plain text. Well this is a very huge security issue as gaining access to the xml will reveal the passwords of the server.

Is this how FileZilla works? Are there future plans to secure the sites stored in the sitemanager.xml file?

Change History (1)

comment:1 by Tim Kosse, 16 years ago

This is by design. Duplicate of several other, rejected bug reports. Go read a book about security.

Note: See TracTickets for help on using tickets.