filezilla stores passwords in (almost) plain text

When importing my sitemanager.xml from my windows filezilla to my linux box i discovered that the passwords in it are store in base64 encoding completely unencrypted. This is sucks, because i use a master password to, what i thought, encrypt my passwords with it.

    <Server>
        <Host>Hostname</Host>
        <Port>22</Port>
        <Protocol>1</Protocol>
        <Type>0</Type>
        <User>Username</User>
        <Pass encoding="base64">base64 encoded password</Pass>
        <Logontype>1</Logontype>
        <TimezoneOffset>0</TimezoneOffset>
        (..)
    </Server>

So what is the master password for? Etablishing a wrong sense of safety? doh. https://stackoverflow.com/questions/29790136/filezilla-plain-text-password shows us that filezilla is doing it that way for years already.

https://www.exploit-db.com/ghdb/4563

inurl:”sitemanager.xml” ext:xml -git

DON’T store your passwords in filezilla.

Leave a Comment

CAPTCHA ImageChange Image

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© TLBioninformatics 2025