Opened 19 years ago

Last modified 10 years ago

#938 closed Bug report

FileZilla weakly-encrypted password vulnerability (?)

Reported by: xtejclbtmt Owned by:
Priority: normal Component: FileZilla Server
Keywords: Cc: xtejclbtmt, Tim Kosse
Component version: Operating system type:
Operating system version:


..I didn't see any news or other information on the SF
site, so I'm forwarding this for the developers:

I'm not a programmer/coder so I couldn't check the POC
for myself, but I wanted to pass this on to the
developers of Filezilla.

p.s.: Great app, besides all this. Keep Coding!


Change History (2)

comment:1 by Tim Kosse, 19 years ago

It's not a vulnerability it's by design. Every single
program which can store passwords transparently is affected
by this problem. Every single webbrowser, every single
e-mail client and every single ftp client including
FileZilla, on every single operation system.

Think about it, there's no way to transparently store
passwords in a secure way.

Note: See TracTickets for help on using tickets.