October 30, 2013

DOT NOT use Filezilla anymore. Use winSCP.

I have been using Filezilla for a while now, and just discovered the following things that made me removed Filezilla from my computer immediately:


  1. Filezilla stores all sites username and passwords in clear text in a fixed location: %APPDATA%\fielzilla\sitemanager.xml
  2. Even if you do not use site manager to save your passwords, Filezilla saves all "quick connections" to a file "recentservers.xml", again with all username and passwords in clear text.
  3. A bug has been filed for Filezilla to encrypt the passwords with a master password over 3 years ago, yet no action has been taken.
This is more than bad practice. This is almost deliberately to help hackers/worms steal passwords.

Switch to "WinSCP", which is also open source, and allow you to encrypt all stored passwords with a master password.
Posted by at

3 comments:

  1. Naveen Pasem1/18/2014 4:44 AM

    Thanks.................dude

    ReplyDelete
  2. Anonymous2/09/2014 4:37 PM

    WOW! This is so true, I can't believe my eyes!!
    Just checked this location and found all my passwords clean and open to any sniffer I might possibly have.

    Thank you man!!!

    ReplyDelete
  3. Anonymous3/22/2014 7:45 AM

    Just make sitemanager.xml recentservers.xml files "read-only" problem solved doh.

    ReplyDelete

Subscribe to: Post Comments (Atom)