passwords (masking characters)

Come here to discuss FileZilla and FTP in general

Moderator: Project members

BeatriX
500 Command not understood
Posts: 1
Joined: 2006-03-07 13:25

passwords (masking characters)

#1 Post by BeatriX » 2006-03-07 13:46

Hello,

I don't know if this information exists already. It is just about password security for FTP accounts.

In the Site Manager window of FileZilla, we can see all the information about each FTP account we have. In one of these fields, we can store the password (using a masking character). It is not really a protection. As noted during installation, it is an insecure mode. In fact, we can get all the passwords in 2 seconds. Good news if it is the pass of one of our FTP accounts... bad news if it is not ours! :)

You just have to run FileZilla under a debugger. For instance, use OllyDebugger 1.1. Open the 'Site Manager', and put a breakpoint on the entry of the function SetWindowTextA. Then, select your FTP account and OllyDebugger will break on the function. This function fills each field of the window. When it tries to fill the password field, you can clearly see the password in the parameters passed to the function (without the masking characters).

So, be really careful if several users can access FileZilla on your computer.

Regards,
BeatriX (FRET)

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#2 Post by botg » 2006-03-07 14:28

Stored passwords are never secure. The only secure way is to not store passwords at all.

martini
504 Command not implemented
Posts: 7
Joined: 2005-06-22 09:47

mmm

#3 Post by martini » 2006-03-08 14:53


MadHatter
504 Command not implemented
Posts: 11
Joined: 2006-03-03 20:18

#4 Post by MadHatter » 2006-03-09 00:06

Stored or not, the data goes over the wire in plain text (unless you're using TLS), so why all the fuss?
