Comments on: Warning: FileZilla FTP Passwords now Stored in Plaintext

By: slotenmaker

slotenmaker — Sat, 26 Nov 2011 09:39:23 +0000

I am not gonna stop using FileZilla at my primary FTP client, but this is really good to know.
Maybe remove the XML file each time ?

By: At Least Take Me to Dinner First | An Utter Waste of Time

At Least Take Me to Dinner First | An Utter Waste of Time — Mon, 29 Aug 2011 02:54:15 +0000

[...] http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/ [...]

By: Alvaro Gomez

Alvaro Gomez — Fri, 26 Aug 2011 06:09:18 +0000

Thanks it really helped

By: shreya

shreya — Wed, 03 Aug 2011 05:27:01 +0000

Hello,
I usually access confidential data as a part of my job.
But once i had accessed an FTP site using FireFTP using mozilla firefox on someone else’s machine with remember password enabled. But later I deleted that account. Is there any possibility of recovering that account by that person, & which are the locations where the password for that account can be stored.
I am really worried because this can lead to huge loss. Please help, Its very urgent so that i can take some action.

By: David Hervieux

David Hervieux — Mon, 28 Mar 2011 01:38:18 +0000

Hi,
You can use Remote Desktop Manager to store your password safely for Filezilla. The Enterprise Edition also support to supply automatically your KeePass credentials to Filezilla.

http://remotedesktopmanager.com/

By: Julian

Julian — Fri, 28 Jan 2011 15:06:32 +0000

Hi,

just to let you know what can happen due to this vulnerability: http://www.phpbb.com/community/viewtopic.php?f=46&t=2118751

this is just one of many examples over the past week.

I’m glad it didn’t happen to me yet and I kicked filezilla off my computer and will use WinSCP from now on.

greetings

By: Dilip Gupta

Dilip Gupta — Mon, 15 Nov 2010 10:27:39 +0000

Hey Boddy….

I am using win2k server. I have searched the files u mention but unable to get the files filezilla.xml. Can u any one please suggest me to get store ftp server pawword to retreave from filezilla firefox.

Regards
Dilip Gupta

By: Aidan

Aidan — Thu, 23 Sep 2010 05:43:24 +0000

My Solution is to use KeePass (a free open source password manager) to store all the connection details instead of using FileZilla’s site manager. KeePass has some automation features that then allows me to fire up FileZilla and log in to the FTP site. I can even use it to set local and remote directory paths. Here’s how I set it up:
http://sww.co.nz/an-alternative-to-storing-passwords-in-filezilla-or-other-ftp-clients/

Cheers,
Aidan

By: AnA Blog » FileZilla password recovery

AnA Blog » FileZilla password recovery — Tue, 14 Sep 2010 22:42:34 +0000

[...] passwords turned out to be unencrypted (plain text) for FileZilla 3.3.4.1 and they are located at %APPDATA%FileZilla . Look out for sitemanager.xml [...]

By: Keith

Keith — Fri, 20 Aug 2010 10:59:30 +0000

Got hacked on 15Aug2010, 50 sites on two servers.

Javascript from .ro attacked all types of index files as well as every .js in the servers.

There is no point in reporting this to the Filezilla forum because of their hostile and arrogant attitude.

I love Filezilla and have a solution – I installed Filezilla Portable from http://portableapps.com/apps/internet/filezilla_portable and it runs on a usb memory stick. No Filezilla files are copied to my windows machine.

Now simply plug in the stick when I have changes to make and remove it afterwards!