filezilla stores passwords in (almost) plain text

When importing my sitemanager.xml from my windows filezilla to my linux box i discovered that the passwords in it are store in base64 encoding completely unencrypted. This is sucks, because i use a master password to, what i thought, encrypt my passwords with it.

        <Pass encoding="base64">base64 encoded password</Pass>

So what is the master password for? Etablishing a wrong sense of safety? doh. shows us that filezilla is doing it that way for years already.

inurl:“sitemanager.xml“ ext:xml -git

DON’T store your passwords in filezilla.

Leave a Comment