This is an issue because it goes against every basic security principle out there.njpsolid wrote:Its safe using filleZillla. That is why you have preferences. You can clear quickly clear your user cpanel details using the Quickconnect. I dont see why this is an issue.
Just learned that FileZilla stores passwords in clear text
Moderator: Project members
-
- 503 Bad sequence of commands
- Posts: 20
- Joined: 2013-08-07 16:17
- First name: Frank
- Last name: Tanner
Re: Just learned that FileZilla stores passwords in clear te
-
- 500 Command not understood
- Posts: 2
- Joined: 2021-07-08 14:19
- First name: John
- Last name: Bentley
Re: Just learned that FileZilla stores passwords in clear text
Tim Kosse, it seems that over time you've come to see the wisdom in providing the ability to encrypt site specific passwords, with your Master Password feature. As mentioned, for example, in Site Manager password security.
With Master password enabled (Edit > Settings > Interface > Passwords >) I see (on windows for example) in C:\Users\John\AppData\Roaming\FileZilla\sitemanager.xml values like ...
Presumably an attacker getting access to sitemanager.xml couldn't use the public key and private key to decode an FTP site's password, without also being in possession of the Master Password. Is that right?
With Master password enabled (Edit > Settings > Interface > Passwords >) I see (on windows for example) in C:\Users\John\AppData\Roaming\FileZilla\sitemanager.xml values like ...
Code: Select all
<Pass encoding="crypt" pubkey="[long length of radnom characters]">[long length of radnom characters, presumably the private key]</Pass>