|Reported by:||ftpuserd||Owned by:|
|Keywords:||password encrypt security||Cc:||yerenkov.scott@…|
|Component version:||Operating system type:||Windows|
|Operating system version:||All|
Just found out about this due to a recurrent series of website hacks which seem on investigation to be to this error.
It's really lax. Even if FZ is not being used at the time, any virus or malware can scoop up the ftp addresses, usernames and passwords.
I have been recommending FZ for years, but I am now putting out an advisory to stop using it as a matter of urgency. For those using it to manage a lot of sites, a single infection on a client machine could trigger weeks of server clean-up work.
And I'm frankly shocked by the developer's response to tickets and forum posts on this over the years. It borders on negligence for such an otherwise excellent tool.