{"id":120,"date":"2019-05-22T18:59:07","date_gmt":"2019-05-22T18:59:07","guid":{"rendered":"http:\/\/www.unordnung.net\/?p=120"},"modified":"2019-05-22T18:59:07","modified_gmt":"2019-05-22T18:59:07","slug":"filezilla-stores-passwords-in-almost-plain-text","status":"publish","type":"post","link":"https:\/\/unordnung.net\/misc\/2019\/05\/filezilla-stores-passwords-in-almost-plain-text\/","title":{"rendered":"filezilla stores passwords in (almost) plain text"},"content":{"rendered":"\n<p>When importing my sitemanager.xml from my Windows FileZilla to my Linux box, I discovered that the passwords in it are stored in base64 encoding, completely unencrypted. This sucks, because I use a master password to, as I thought, encrypt my passwords with it.<\/p>\n\n\n<pre class=\"wp-block-code\"><code>    &lt;Server>\n        &lt;Host>Hostname&lt;\/Host>\n        &lt;Port>22&lt;\/Port>\n        &lt;Protocol>1&lt;\/Protocol>\n        &lt;Type>0&lt;\/Type>\n        &lt;User>Username&lt;\/User>\n        &lt;Pass encoding=\"base64\">base64 encoded password&lt;\/Pass>\n        &lt;Logontype>1&lt;\/Logontype>\n        &lt;TimezoneOffset>0&lt;\/TimezoneOffset>\n        (..)\n    &lt;\/Server><\/code><\/pre>\n\n\n<p>So what is the master password for? Establishing a wrong sense of safety? doh. 
<a href=\"https:\/\/stackoverflow.com\/questions\/29790136\/filezilla-plain-text-password\">https:\/\/stackoverflow.com\/questions\/29790136\/filezilla-plain-text-password<\/a> shows us that FileZilla has been doing it that way for years already.<\/p>\n\n\n<p><a href=\"https:\/\/www.exploit-db.com\/ghdb\/4563\">https:\/\/www.exploit-db.com\/ghdb\/4563<\/a> <\/p>\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/www.google.com\/search?q=inurl:&quot;sitemanager.xml&quot; ext:xml -git\" target=\"_blank\">inurl:&#8221;sitemanager.xml&#8221; ext:xml -git<\/a><\/p>\n\n\n<p><strong>DON&#8217;T store your passwords in FileZilla.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When importing my sitemanager.xml from my Windows FileZilla to my Linux box, I discovered that the passwords in it are stored in base64 encoding, completely unencrypted. This sucks, because I use a master password to, as I thought, encrypt my passwords with it. So what is the master password for? Establishing a wrong sense &#8230; <a title=\"filezilla stores passwords in (almost) plain text\" class=\"read-more\" href=\"https:\/\/unordnung.net\/misc\/2019\/05\/filezilla-stores-passwords-in-almost-plain-text\/\">Read more<span class=\"screen-reader-text\">filezilla stores passwords in (almost) plain 
text<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-120","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":0,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"wp:attachment":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}